February 18, 2021

New phishing attack promises salary increase but delivers trojan

Fake emails that deliver a trojan

A new phishing campaign tries to lure users into downloading the latest version of the Bazar Trojan through fake emails claiming that the recipient has received a salary bonus.

The discovery of the Bazar trojan

The Bazar Trojan was first discovered a year ago and can give cybercriminals a backdoor into infected Windows systems, allowing them to control the device and gain further access to the network to collect sensitive information or deliver other malware, such as ransomware.

Now, cybersecurity researchers at Fortinet have identified a new variant of the Bazar Trojan, which has been equipped with anti-analysis techniques to make it harder for antivirus software to detect.

How the Bazar trojan spreads

The Trojan is spread through phishing emails that try to trick business users with false promises of salary increases, false customer complaints and fake invoices. What these phishing emails have in common is that they try to get the recipient to click on a link that claims to lead to a PDF file containing further information on the subject of the message.

These links lead to a malicious webpage that references the original email and asks users to download a file containing the Bazar Trojan.

To avoid falling victim to phishing attacks that distribute Bazar or other types of malware, researchers recommended that organizations provide guidance to their employees on how to identify and protect themselves from attacks and scams.

Nimblr offers short courses

Nimblr Security Awareness through its simulations and "Zero-Day-Classes" short courses on the latest threats for business users in order to create a recognition factor and increase security awareness.

Making the internet safer