BazaFlix Spam Campaign Spreads the BazarCall Malware
The operators of the BazarCall malware are using a new type of attack to deliver malicious email attachments to their victims. The attack, dubbed BazaFlix, relies on fake messages and emails that urge the user to cancel a subscription to a video streaming service. The criminals have even set up a fake website, which looks like a real streaming service called BravoMovies. Of course, neither the company nor the service is real – they are simply a part of the criminals' elaborate phishing campaign.
Users who receive the message may be tempted to follow the instructions there since the email warns them that they are about to be charged $39.99/month if they do not cancel their subscription. Allegedly, the cancellation form is attached to the email, and it must be downloaded and filled out to complete the process. However, the attachment is a macro-laced Microsoft Excel document tailored to drop the BazarCall malware.
BazarCall is an enhanced version of the BazarLoader malware, and it is often used as a first-stage payload, which then introduces other threats to the compromised system. It has been commonly used in combination with high-profile threats like TrickBot and IcedID, which focus on obtaining financial information from their victims.
Needless to say, the BazaFlix campaign is very dangerous, and you should do your best to stay safe. Use a reliable antivirus software suite, and always be wary of suspicious email messages, which urge you to download file attachments.
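A mail-gateway style check for the delivery method described above, as an added example that is not part of the original article: it flags email attachments that are Excel workbooks carrying a VBA project. The article does not state the attachment's file format, so the OOXML `vbaProject.bin` test, the function names and the sample message are assumptions made here.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls container

def classify_attachment(data):
    """Return 'macro', 'needs-review' or 'clean', judged by content, not by name."""
    if data.startswith(OLE2_MAGIC):
        # Binary workbook: macros cannot be ruled out without an OLE parser.
        return "needs-review"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # OOXML workbooks store VBA code in a vbaProject.bin part.
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    return "macro"
        except zipfile.BadZipFile:
            return "needs-review"  # claims to be a ZIP but cannot be opened
    return "clean"

def scan_message(raw):
    """Return (filename, verdict) for every attachment that is not clean."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        verdict = classify_attachment(part.get_payload(decode=True) or b"")
        if verdict != "clean":
            findings.append((part.get_filename(), verdict))
    return findings

def build_sample(with_macro):
    """Constructed test email; the 'macro' part is a placeholder, not real VBA."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"placeholder")
    msg = EmailMessage()
    msg["Subject"] = "Subscription cancellation form"
    msg["From"], msg["To"] = "billing@example.invalid", "user@example.invalid"
    msg.set_content("Constructed test message.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="form.xlsm")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample(with_macro=True)))
```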