The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks.
The scheme eventually acts as an entry point to conduct financial fraud or facilitate the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix said in a report published last week.
Primary targets of the latest attack waves include the U.S., Canada, China, India, Japan, Taiwan, the Philippines, and the U.K.
BazaCall, also called BazarCall, first gained popularity in 2020 for its novel approach of distributing the BazarBackdoor (aka BazarLoader) malware by manipulating potential victims into calling a phone number specified in decoy email messages.
These email baits aim to create a false sense of urgency, informing the recipients about renewal of a trial subscription for, say, an antivirus service. The messages also urge them to contact their support desk to cancel the plan, or risk getting automatically charged for the premium version of the software.
images from Hacker News