BazarBackdoor Malware Distributed via Corporate Website Contact Forms

Threat actors are employing a new technique and leveraging website contact forms instead of common phishing emails to deliver BazarBackdoor. This helps them bypass security software detection.

What Is BazarBackdoor?

BazarBackdoor is malware that lets hackers achieve remote access to an internal device. If successfully exploited, it will serve them as a way to move laterally across the network.

The TrickBot group built BazarBackdoor, a backdoor trojan that is presently being developed by the Conti ransomware organization.

The BazarBackdoor malware is typically distributed by means of phishing emails that encompass malicious documents. These documents have further the ability to malware download and install.

What’s new is because systems like secure email gateways have improved their malware droppers detection hackers are starting to change their tactics too.

BazarBackdoor Is Now Distributed Through Contact Forms

Researchers from Abnormal Security have released a new report where they described thoroughly that the malicious campaign leveraging BazarBackdoor began in December last year. The underlined that the probable purpose was represented by Cobalt Strike or ransomware payloads deployment purposes.

Hackers have started however to change their way of distributing this type of malware as instead of employing phishing emails, they use for communication initialization corporate contact

Read More: https://heimdalsecurity.com/blog/bazarbackdoor-malware-distributed-via-corporate-website-contact-forms/