Published: 25th June 2021
Windows computers with MS Excel susceptible to new phishing scam, Microsoft warns users
Tech giant Microsoft has issued a warning to Windows users of a new type of phishing scam that involves emails requesting users to dial a call centre. Via its Security Intelligence account on Twitter, the company warned users to not dial the call centre because following the instructions given by a human operator can lead to malware infections. The malware scam only works with Windows computers that have Microsoft Excel, TechXplore reported.
The new threat involves BazarLoader, a type of malware that allows backdoor access to infected computers. It gives criminals a hidden backdoor into a user's computer, through which they can install viruses or other types of malware. Over the past several years, criminals have used different methods to trick users into carrying out instructions that allow BazarLoader to infect their computer, the report said.
In this new campaign, Microsoft reports that such criminals are using an email/call centre approach. The new approach involves an email sent to users, claiming that a trial subscription is about to expire and that the user's credit card is going to be used to automatically charge them unless they dial a specified number. If a user falls for the message and calls the centre, a human being answers and claims that all they need to do is download a certain Excel spreadsheet.
After they do so, the victim is instructed to enable macros on the file, which paves the way for infection by BazarLoader. The criminal operator at the fake call centre then tells the victim that the subscription has been revoked and that their credit card will not be charged.
But those infected are then at risk of private data theft, because the criminals running the new BazarLoader campaign have given themselves direct access to the computer. Users also run the risk of a ransomware attack. As part of its tweet, Microsoft said that it is tracking the campaign.