Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

This fake movie streaming service actually installs a backdoor

Image Description

Cybercriminals have created a fake streaming service with the end goal of tricking users into installing the BazaLoader trojan on their systems according to new research from Proofpoint.

The cybersecurity firm first observed the entertainment-themed campaign in May of this year as it masqueraded as a real streaming service online with a slick website featuring fake movies.

The campaign itself is used to spread BazaLoader which has the capability to download and install additional modules on victim's systems. Multiple threat actors are currently using the loader to distribute ransomware including Ryuk and Conti. 

According to Proofpoint's analysis, the firm can say with high confidence that there is a strong overlap between the distribution and post-exploitation activity of BazaLoader and the cybercriminals behind the Trickbot malware.

BravoMovies

The latest BazaLoader campaign begins with potential victims receiving an email telling them that their trial period is over and that they will be charged $39.99 per month unless they cancel their subscription to the fake streaming service BravoMovies.

These phishing emails contain a phone number that users can call if they wish to cancel their subscription. If a user calls this number, a customer service representative will then verbally guide them to BravoMovies' website. The cybercriminals behind this campaign have certainly done their homework as the site looks like a real streaming service complete with fake movies and posters, an FAQ, pricing details and even a free trial.

When a user visits the BravoMovies website, heads to the FAQ section and follows the directions to unsubscribe via the “Subscription” page, they will be asked to download an Excel spreadsheet. This document then asks them to “Enable Content” and malicious macros are used to download BazaLoader.

The reason this campaign has been successful so far is due to the fact that many viewers signed up for and then canceled multiple streaming services during the pandemic. Cybercriminals are well aware of these behaviors which is why they used them to their advantage when launching this new BazaLoader campaign.

To prevent falling victim to this and similar campaigns, users should only sign up for reputable streaming services after doing their research and remember that if something seems too good to be true, it probably is.

Date

27 May 2021

Sources


Share


Other Blog

  • Common misperceptions around ransomware attacks

    To help you stay ahead of sophisticated ransomware gangs, avoid holding these common misperceptions.

    Read More
  • Malicious Microsoft Office files are running rampant

    Report claims there was a 67% spike in the distribution of malicious Office files last year.

    Read More
  • Nvidia GeForce RTX 3050 and 3050 Ti laptop GPU specifications revealed by Lenovo

    The next generation of entry-level gaming laptops is nearly here, with Lenovo confirming clock speeds and TGP of the unreleased GPUs.

    Read More
  • Build 2021: Windows 10 now on more than one billion devices

    Satya Nadella reveals Windows 10 mega growth at Build 2021.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us