Security researchers at Fortinet (opens in new tab) have discovered a new phishing (opens in new tab) campaign which tries to lure enterprise users with fake customer complaint reports, fake billing statements and even the offer of a phony bonus.
The campaign also uses a new variant of the Bazar trojan, which has been linked to the developers of Trickbot (opens in new tab), that comes equipped with anti-analysis techniques to make it more difficult for antivirus software (opens in new tab) to detect.
These anti-analysis techniques include hiding malicious APIs in the code, extra code obfuscation and encrypting some strings of the code to make the trojan more difficult to analyze.
- We've built a list of the best endpoint protection (opens in new tab) software around
- Keep your devices virus free with the best malware removal (opens in new tab) software
- Also check out our roundup of the best antivirus (opens in new tab) software
Bazar is a relatively new trojan which first appeared last year. If successfully deployed, it can provide cybercriminals with a backdoor into a compromised Windows system to allow them to control a user’s device, gain additional access to a corporate network to steal sensitive data and deploy malware (opens in new tab).
Regardless of the theme used, this new phishing campaign tries to encourage a potential victim to click on a link that redirects them to a malicious website with a downloadable PDF (opens in new tab).
However, while the page prominently features the PDF logo, it doesn’t actually contain a document. Instead there are three links that all point to the same executable which when downloaded, installs the Bazar trojan on a user’s system. Once installation is complete, a backdoor is present on a victim’s system that an attacker can exploit on their own or sell to other cybercriminals on dark web marketplaces (opens in new tab).
According to Fortinet, this phishing campaign remains active and attempted attacks are still being observed in the wild.
To prevent falling victim to this or other similar attacks, the firm’s researchers recommend that organizations provide training for their employees on how to identify and recognize online scams and attacks. At the same time though, organizations should also implement a patch management (opens in new tab) strategy to prevent cybercriminals from exploiting known vulnerabilities.
- We've also highlighted the best disaster recovery (opens in new tab) services
Via ZDNet (opens in new tab)