Microsoft Warns That Hackers Using Call Centers to Trick Users Into Downloading Ransomware - Gizmodo

According to Palo Alto Networks threat intelligence analyst Brad Duncan, BazarLoader “provides backdoor access to an infected Windows host” and infections usually “follow a distinct pattern of activity.” Since February 2021, Duncan wrote, security researchers have noticed an unusual pattern of call center activity in BazarLoader infections.

When contacted, a call center operator directs the target to download an infected Excel spreadsheet, enable macros on it, and then informs them they have successfully unsubscribed from the service.

Additionally, Duncan wrote that the call center operation appears to involve a number of different individuals following a basic script, indicating it is complicated and involves a high degree of organization:

We contacted this call center on at least five different occasions, and the operator was a different person each time.
