
BazarBackdoor Infects Victims Using a Windows 10 App Feature



Last Updated on 22/11/2021 by Sunaina

The BazarBackdoor malware has been observed abusing a Microsoft Windows 10 app feature to infect users. The campaign was discovered after Sophos Labs’ own staff were targeted with spam emails using standard social engineering techniques.

Attackers sent an email purporting to come from a “Sophos Main Manager Assistant” using the fictitious name Adam Williams. The message asks the prospective victim why they have not responded to a customer complaint and invites them to call back. It also contains a link to a PDF file that will supposedly help them resolve the customer’s issue. The URL, however, leads to pages that ultimately download the BazarBackdoor malware. The attackers are using a novel approach in which the Windows 10 App Installer process (AppInstaller[.]exe) is abused to deliver malicious payloads.

The phishing lure takes victims to a website and prompts them to click a button to view a ‘.PDF’ file. When the recipient hovers over the link, however, the ms-appinstaller prefix becomes visible. Clicking the link makes the browser hand the URL to the program the Windows Store uses to install apps (AppInstaller[.]exe), which downloads and runs whatever is at the other end of the link. In the current attacks the link points to a text file called Adobe[.]appinstaller, which in turn directs the installer to a larger file (called Adobe x64appbundle) hosted at another URL. A warning message appears, along with a notice that the program is digitally signed with a certificate issued some months earlier.

Victims are then asked to approve the installation of the “Adobe PDF Component”. If they grant permission, the BazarBackdoor malware is delivered and executed on the compromised system within seconds.
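The delivery chain described above (an ms-appinstaller: link, a small .appinstaller manifest, and a package bundle fetched from another host) can be surfaced in mail or proxy data before anyone clicks. The following Python is an added example written for this article, not code from Sophos or the researchers; the lure hostnames, publisher name and manifest content are constructed samples, and the manifest layout follows Microsoft’s published .appinstaller 2017/2 schema.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs

# Links handed to AppInstaller.exe use the ms-appinstaller: scheme and carry the
# manifest location in the "source" query parameter.
MS_APPINSTALLER_RE = re.compile(r"ms-appinstaller:\?[^\s\"'<>]+", re.IGNORECASE)
# XML namespace of the .appinstaller manifest format (2017/2 schema).
NS = {"ai": "http://schemas.microsoft.com/appx/appinstaller/2017/2"}

def find_appinstaller_sources(text):
    """Return manifest URLs referenced by ms-appinstaller: links in text
    (an email body, a web page, or a proxy log line)."""
    sources = []
    for link in MS_APPINSTALLER_RE.findall(text):
        query = link.split("?", 1)[1]
        sources.extend(parse_qs(query).get("source", []))
    return sources

def parse_appinstaller_manifest(xml_text):
    """Report where a .appinstaller manifest really fetches its package from,
    flagging a manifest that redirects to a package on a different host."""
    root = ET.fromstring(xml_text)
    pkg = root.find("ai:MainBundle", NS)
    if pkg is None:
        pkg = root.find("ai:MainPackage", NS)
    if pkg is None:
        raise ValueError("manifest has no MainBundle/MainPackage element")
    manifest_host = urlparse(root.get("Uri", "")).hostname
    package_host = urlparse(pkg.get("Uri", "")).hostname
    return {
        "name": pkg.get("Name"),
        "publisher": pkg.get("Publisher"),
        "package_uri": pkg.get("Uri"),
        "manifest_host": manifest_host,
        "package_host": package_host,
        "cross_host": manifest_host != package_host,
    }

# Constructed sample, not a real campaign artefact: a lure button whose hover
# text reveals the ms-appinstaller: prefix, and a manifest pointing elsewhere.
SAMPLE_HTML = ('<a href="ms-appinstaller:?source=https://lure.example/Adobe.appinstaller">'
               'Open PDF</a>')
SAMPLE_MANIFEST = """<AppInstaller xmlns="http://schemas.microsoft.com/appx/appinstaller/2017/2"
    Version="1.0.0.0" Uri="https://lure.example/Adobe.appinstaller">
  <MainBundle Name="Adobe.PDF.Component" Publisher="CN=Example Publisher"
      Version="1.0.0.0" Uri="https://cdn.example/Adobe.x64.appbundle" />
</AppInstaller>"""
```

A mail gateway or proxy rule that alerts on any ms-appinstaller: link from outside the organisation, and a manifest check that flags a cross-host package fetch, catches this chain regardless of which brand the lure impersonates.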

BazarBackdoor abuses Windows’ AppInstaller functionality, which until now has been an unusual target. According to the researchers, this case may encourage other attackers to adopt the same approach, so companies and security software vendors are advised to have defences in place that can identify and block such attacks.

A tech enthusiast, with a mission to report data breaches, fraudulent practices, dark pattern practices, and updates. She is also frequently fascinated by fintech and unicorns.