Microsoft has claimed a ransomware campaign employing bogus call centers to trick victims into downloading malware may be more dangerous than previously thought.
According to Cyberscoop, Microsoft researchers highlighted that because the malware isn’t in a link or document within the email itself, the scam helps attackers bypass some phishing and malware detecting services.
Microsoft said it first examined the scheme in May – named BazaCall – which it outlined featured attackers posing subscription service providers who lure victims onto the phone to cancel non-existent subscriptions. From here, call centre workers guided them to download malware onto their computers.
While traditional malware would commonly instruct users to click a link within an email or download an attachment, BazaCall contains a unique ID number that instructs the user to call a number that connects them with a human.
Researchers recently added that the malware not only enables hackers with a one-time backdoor into a device, but to also remotely control the system. This, the firm claims, means it’s even easier for them to sweep for files and find high-end user credentials.
Copyright © 2021 FinTech Global