BazarBackdoor Uses Compressed Files To Deliver Malware
Security researchers have recently spotted a new phishing campaign in the wild that you’ll want to make a note of. In this case, the hackers are attempting to deliver a malware strain known as BazarBackdoor by nesting it inside compressed files and disguising the malware as an image file.
Multi-compression (packing an archive inside another archive) isn’t a new technique, but until recently it hasn’t seen much use. Lately, however, it seems to be enjoying a surge in popularity among the world’s hackers, because it’s pretty good at ‘tricking’ email security systems into flagging malicious attachments as clean.
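The defensive counterpart to this trick is an attachment scanner that unpacks every archive layer, with a depth limit, and checks whether each member’s real content matches what its file name claims. The following is an added illustration, not code from the original post or from any product; the nested sample archive it builds is constructed for the demonstration, and the file names, the `MAX_DEPTH` and `MAX_MEMBER` limits, and the `pe-executable` label are assumptions.

```python
import io
import zipfile

# Leading bytes that identify the content types this check cares about:
# a Windows PE executable starts with "MZ", a real JPEG with FF D8 FF.
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe-executable",
         b"\xff\xd8\xff": "jpeg", b"\x89PNG": "png"}
EXT_KIND = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "zip": "zip"}
MAX_DEPTH = 4                   # stop unpacking archives nested deeper than this
MAX_MEMBER = 10 * 1024 * 1024   # skip members larger than 10 MiB (bomb guard)

def sniff(data):
    """Return the content type implied by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def inspect_attachment(path, data, depth=0):
    """Unpack zip layers recursively; return (path, claimed, actual) tuples
    for every member whose real content disagrees with its file name."""
    findings = []
    actual = sniff(data)
    name = path.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    claimed = EXT_KIND.get(ext, "unknown")
    if actual == "zip":
        if depth >= MAX_DEPTH:
            return [(path, claimed, "archive nested too deep, not unpacked")]
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = path + "/" + info.filename
                if info.file_size > MAX_MEMBER:
                    findings.append((member, "unknown", "oversized member skipped"))
                    continue
                findings.extend(inspect_attachment(member, zf.read(info), depth + 1))
    elif actual == "pe-executable" or (claimed != "unknown" and claimed != actual):
        findings.append((path, claimed, actual))
    return findings

def build_sample():
    """Constructed sample: an executable stub named as an image, zipped twice."""
    fake_image = b"MZ" + b"\x00" * 62   # only the DOS signature, not a runnable program
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("photo.jpg", fake_image)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("photos.zip", inner.getvalue())
    return outer.getvalue()
```

A scanner that only looks at the outer archive would see a zip containing a zip and nothing else; the recursive pass reports the inner `photo.jpg` as a PE executable.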
BazarBackdoor isn’t harmful on its own, but it opens the door by installing a legitimate toolkit called Cobalt Strike. That then allows the hackers to do pretty much anything they like, from moving laterally inside your network to launching ransomware attacks, copying and exfiltrating files, deleting files, or launching some other type of malware.
Even more disturbing is that earlier this year, security researchers discovered a variant of BazarBackdoor written in a programming language called Nim, which provides at least some evidence that this particular strain is increasing in popularity among hackers worldwide.
Education is the Key
Education is the key, just like it always has been. Let your employees know to be on their guard and not to download any attachment (no matter how innocent-looking) that comes from an address they do not know and are not familiar with.
Even that isn’t perfect protection, but it’s certainly a powerful step in the right direction that will mitigate your risk.
Campaigns like this are further evidence that hackers are evolving and that their tactics are becoming ever more sophisticated. The challenge in the year ahead and beyond will be to evolve even more quickly than the hackers do. At present, it is not clear whether most companies can manage that feat.