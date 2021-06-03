The creativity of cyber criminals has no limits, they have created a fake streaming platform to lure victims and distribute BazaLoader malware.

Computer attacks have grown greatly in recent years, but at the same time users have been learning to defend themselves. They are now more aware of the techniques hackers use and can more easily spot online scams.

This forces cybercriminals to be more creative and take social engineering techniques to another level. “We have seen attacks using well-known streaming brands for credential phishing, but this is totally new. We have never seen attackers create such a fraudulent platform from scratch so completely.” Explain Sherrod DeGrippo, Senior Director of the Proofpoint Detection and Investigation team.

The cybersecurity company Proofpoint has unveiled this new attack model with which criminals circumvent some of the barriers that have been developed to detect and stop phishing in operating systems and computer programs. They have resorted to a more elaborate technique, which requires more effort on their part, but which few users expect.

BravoMovies is the fake platform created by this group of criminals, they offer movies and series with a very complete website and for a subscription of $ 39.99 per month. Even the content they offer is fake, titles that don’t exist.

As explained in Proofpoint, victims receive an email message indicating that your trial subscription to BravoMovies has ended, that you must contact the company to cancel the subscription if you do not want a payment to be made to your bank account to collect the first month of subscription.

In the email phone numbers appear that the victim can call to correct the error. Cybersecurity researchers emphasize the growing number of attacks involving human interaction, telephone calls in which they notify us of a bug or offer and give us instructions to steal data or download malware onto the computer, as in this case.

This system requires greater user involvement, which could decrease the number of affected users completing the process, but thus cybercriminals avoid automatic malware or phishing detection systems. Email or browser protection systems that scan dangerous web addresses or files and alert the owner of the risk.

In the end, the victim is induced to unsubscribe from the service or hire it and download a document that is an Excel with the BazaLoader malware hidden. Detected in April 2020, it is used to download and run additional modules and “perform disruptive malware attacks, including Ryuk and Conti ransomware. A new social engineering technique to pay attention to, as it is very possible that it will be used in more attacks in the future.