New BazarBackdoor Attack Discovered
Researchers at SophosLabs came across the attack when it arrived in their inboxes.
“Spamming a security company with a malicious email featuring a novel attack technique might not have been the best decision by the operators,” said Andrew Brandt, principal researcher at Sophos.
The threat actors behind the campaign use socially engineered emails to scare their targets into opening an attachment and clicking on a malicious link.
Malware is then delivered to the victim through a fairly novel mechanism: the abuse of the appxbundle format used by the Windows 10 App Installer.
In the email, the attackers impersonate a company manager and address the victim by name. Using an abrupt and threatening style, the attackers tell the victim that a complaint has been filed against them, and demand to know why this information wasn’t sent to the manager.
“The messages themselves were very short, but they were crafted with an understanding of the human psychology behind the adrenaline-rush of fear and had been personalized with both the name of the recipient and the targeted organization in both the subject line and the body,” said Brandt.