A new and prolific phishing campaign lures victims into believing that they have opened a subscription with a movie-streaming service, then tricks them into calling a phone number to cancel it. After the victim contacts the call center, however, someone guides them through a procedure that eventually infects their computer with the BazaLoader malware. This malware creates a backdoor on Windows machines that serves as an initial access vector for additional malware attacks, such as ransomware.
The Ryuk ransomware is commonly deployed onto a victim’s device through BazaLoader. The latest campaign is based on social engineering and human interaction, meaning that the intricate attack chain is more successful and the malware is harder to detect. The campaign was discovered by researchers at Proofpoint, who state that the threat actors have named the fake streaming service BravoMovies. The website is convincing, containing fake movie posters and other information. The fraudulent emails state that the victims have signed up for a trial period that costs $39.99 per month.