From PC Mag: Microsoft is warning Office users of a new malware campaign, called "BazaCall," involving fake subscriptions, fraudulent call centers, and a malicious Excel spreadsheet.
The warning comes via Microsoft Security Intelligence, the company's global network of security experts. They have identified what is being called "human-operated attacks and ransomware deployment" using emails to lure recipients into making a call and downloading malware. As ZDNet reports, it's Office users at most risk here due to the use of a malicious Excel spreadsheet by the attackers.
The attack starts with an email, which tells a user they have come to the end of a free trial for a specific piece of software (the name varies) and that payment will be taken soon. The email also states payment details have already been provided and that the user has agreed to continue using the software. Of course, this isn't true, but the thought of money being taken from a bank account will convince at least some email recipients to call the provided phone number to cancel the (fake) subscription.
Calling the number leads to a fraudulent call center where an operator tells the user to download an Excel spreadsheet using a link they provide. The file contains a malicious macro, which gets triggered when the user clicks "Enable Content" in the spreadsheet. This in turn leads to the BazalLoader malware being installed and used to download an additional payload. Microsoft says that once the attackers have access they are stealing user credentials, Active directory databases, and can ultimately decide to infect the system with ransomware before demanding payment to unlock the encrypted data.
View: Full Article
