KEY POINTS

  • BazarCall activates malware infection through phone instructions
  • Hackers use fake subscription notifications to get potential victims' attention
  • The malware infects Windows devices by using Microsoft Office Word and Excel

A team of hackers is reportedly installing malware on Windows devices through call centers. Here is what is known about the malware, along with a few tips to protect your devices.

Since late January, security researchers have been watching a malware distribution campaign called "BazarCall." Hackers allegedly use this campaign to distribute the BazarLoader malware through a simple phone call, Bleeping Computer reported.

It is the first time the tactic has been seen on a large scale. A malware infection launched through a phone call is also unique.

According to The Record, hackers start the attack with an email notification about a medical, IT or financial services subscription. The email says a free trial of a certain service is about to end and the recipient will be charged a monthly subscription fee afterward.

The recipient is then urged to call the number to avoid unnecessary charges for the subscription. Once the recipient calls the number, they are connected to an English-speaking call center operator who will ask for the details about the problem.

The victim is then directed to a certain page to cancel the subscription. As soon as the victim clicks the "unsubscribe" dialogue box, the browser prompts a Microsoft Office Excel or Word file download. An instruction then appears, saying that the victim must sign the document or spreadsheet digitally for their request to be processed.

When the victim opens the downloaded Excel or Word file, a security warning appears, indicating that macros have been disabled. This happens because Microsoft itself has sandboxed the file for potential threats. However, the operator on the other end of the line urges the caller to enable macros so that the subscription cancellation request can be processed.

Tom's Guide noted that enabling macros gives the downloaded Microsoft Office file permission to install a dropper on the device. A dropper is a form of malware that can inflict more harm on a device because it has internet access and can install more of its kind.

To stay protected from malware invasions such as BazarCall, here are a few tips:

  1. Invest in reliable antivirus software.
  2. Be mindful when subscribing to free trials of services.
  3. Be suspicious of notifications about expiring free trial subscriptions that you do not remember opting for.
  4. Be cautious in handling instructions from phone operators asking you to download an Office file, especially when you have to enable macros.
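
For help desks and administrators, a check that can be run on a downloaded Word or Excel file before anyone opens it, showing whether the file carries macro code that would run if the caller followed the operator's instruction to enable macros. This is an added example, not code from the article or the reports it cites; the function names and sample files are constructed for illustration.

```python
import io
import zipfile

# Signature of the legacy binary Office container (.doc / .xls)
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def macro_triage(data: bytes) -> str:
    """Classify an Office file by whether it can run macro code once macros are enabled."""
    if data.startswith(OLE_MAGIC):
        # Legacy files need a full OLE parser to confirm; treat them as risky.
        return "legacy-ole: may contain macros"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.lower() for n in zf.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"  # a ZIP archive, but not an Office package
    if any(n.endswith("vbaproject.bin") for n in names):
        return "ooxml: VBA macros present"
    if any(n.startswith("xl/macrosheets/") for n in names):
        return "ooxml: Excel 4.0 macro sheet present"
    return "ooxml: no macros found"


def build_sample(parts):
    """Build a constructed, harmless Office-style package with empty parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in parts:
            zf.writestr(name, b"")
    return buf.getvalue()


# Constructed samples: file name -> bytes (no real malware involved)
SAMPLES = {
    "cancel_form.docm": build_sample(
        ["[Content_Types].xml", "word/document.xml", "word/vbaProject.bin"]),
    "cancel_form.xlsm": build_sample(
        ["[Content_Types].xml", "xl/workbook.xml", "xl/macrosheets/sheet1.xml"]),
    "invoice.docx": build_sample(["[Content_Types].xml", "word/document.xml"]),
    "old_form.xls": OLE_MAGIC + b"\x00" * 504,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {macro_triage(blob)}")
```

Any result other than "no macros found" on a file that arrived through an unsolicited subscription notice is a reason to stop and not enable macros.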

The technique of phishing, widely used by computer hackers, sees emails pretending to be a person known to the intended target, with the objective of obtaining information to infiltrate their computer systems AFP / Kirill KUDRYAVTSEV