Contact forms used to disseminate BazarBackdoor

BazarBackdoor uses the contact forms on company sites to gain access to computers and spread across the internal network.

Cybercriminals are always looking for new ways to increase the chances of success of cyber attacks by avoiding antivirus defenses. BazarBackdoor malware is usually spread via phishing, but an alternative has recently been used, namely the contact forms on company websites. An up-to-date security solution, such as those from Kaspersky, can detect the danger.

New trick to distribute BazarBackdoor

BazarBackdoor (also known as BazarLoader) allows cybercriminals to gain access to the computer and thus to the corporate network. It is usually distributed via phishing emails with attachments that either contain the malware or connect to a remote server to download it. Attacks with a different origin have recently been detected, namely through the form that companies publish on their site so that potential customers can contact them.

The attacker initiates communication with an employee who responds to the request. The cybercriminal then sends an email with a link to a shared file via a sharing service, such as WeTransfer or TransferNow. The file is not attached to the email, to avoid it being blocked. In the case of BazarBackdoor it is an ISO image that contains a .lnk file and a .log file. The .lnk file contains the command that runs the .log file. The latter is actually the BazarBackdoor DLL, which is injected into the svchost.exe process to avoid detection. The remote server contacted by the malware is not active, as this is only the first stage of the attack (the second stage could download ransomware to the computer).
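The container layout described above (a shortcut next to a DLL carrying a .log extension) can be checked for when triaging files extracted from a downloaded disk image. The following is an added example, not code from the original article: the function names, the file names and the SAMPLE data are constructed for illustration, and the shortcut is a stub that carries only the real .lnk header magic.

```python
import os
import struct

# Shell link header: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx"}

def pe_kind(data):
    """Return 'dll', 'exe' or None from the PE headers, ignoring the file name."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # Characteristics is the last field of the 20-byte COFF file header.
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return "dll" if characteristics & 0x2000 else "exe"  # IMAGE_FILE_DLL

def triage(files):
    """files: {name: bytes} extracted from a disk image. Returns a list of findings."""
    findings = []
    shortcuts = {n: d.lower() for n, d in files.items() if d.startswith(LNK_MAGIC)}
    for name, data in files.items():
        kind = pe_kind(data)
        if kind and os.path.splitext(name)[1].lower() not in PE_EXTENSIONS:
            findings.append(("pe_with_misleading_extension", name, kind))
            # Heuristic: shortcut strings are stored as ASCII or UTF-16LE.
            needle = name.lower()
            for lnk_name, blob in shortcuts.items():
                if needle.encode() in blob or needle.encode("utf-16-le") in blob:
                    findings.append(("shortcut_references_disguised_pe", lnk_name, name))
    return findings

def _sample_pe(dll):
    """Constructed minimal PE header (headers only, no code)."""
    hdr = bytearray(0x40 + 24)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x40 + 22, 0x2000 if dll else 0x0002)
    return bytes(hdr)

SAMPLE = {  # constructed stand-in for the contents of a mounted ISO
    "request.lnk": LNK_MAGIC + b"\0" * 56 + "documents.log".encode("utf-16-le"),
    "documents.log": _sample_pe(dll=True),
    "readme.txt": b"plain text",
}

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```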