BazarBackdoor Uses Compressed Files To Deliver Malware

Security researchers have spotted a new phishing campaign in the wild that you’ll want to make a note of. In this case the hackers are attempting to deliver a malware strain known as BazarBackdoor by using an innovative compression technique and then disguising the malware as an image file.

Multi-compression isn’t a new technique but it has never been widely used. Although it does seem to be enjoying a surge in popularity lately among the hackers of the world. That is mostly because it’s pretty good at ‘tricking’ email security systems into thinking and flagging malicious attachments as clean.

By itself BazarBackdoor isn’t harmful but it opens the door and installs a perfectly legitimate toolkit called Cobalt Strike. That then allows the hackers to do pretty much anything they like from moving laterally inside your network, to launching ransomware attacks, copying and exfiltrating files, deleting files, or launching some other type of malware.

Even more disturbing is that earlier this year security researchers discovered a variant of BazarBackdoor written in a programming language called Nim which provides at least some evidence that this particular strain is increasing in popularity among hackers around the world.

Education is the key just like it always has been. Let your employees know to be on their guard and not to download any attachment (no matter how innocent looking) that comes from an address they do not know and are not familiar with.

Even that isn’t perfect protection but it’s certainly a powerful step in the right direction that will mitigate your risk.

Campaigns like this are further evidence that hackers are evolving and their tactics are becoming ever more sophisticated. The challenge in the year ahead and beyond will be to evolve even more quickly than the hackers are. At present it is not clear whether most companies can manage that feat.