
BazarBackdoor Infects Victims Using a Windows 10 App Feature


Last Updated on 22/11/2021 by Sunaina

The BazarBackdoor malware has been seen abusing a Microsoft Windows 10 app-installation feature to infect its targets. The campaign was discovered after Sophos Labs’ own employees were targeted by spam emails that relied on standard social engineering techniques.

The attackers sent an email purporting to come from a “Sophos Main Manager Assistant” using the fictitious name Adam Williams. The message asks the prospective victim why they have not responded to a customer complaint and invites them to call back. It also contains a link to what is presented as a PDF file that will help resolve the customer’s issue. The link, however, leads to pages that ultimately download BazarBackdoor. The attackers are using a novel approach in which the Windows 10 App Installer process (AppInstaller[.]exe) is abused to deliver the malicious payload.

The phishing lure takes victims to a website and prompts them to click a button to view a ‘.PDF’ file. When the recipient hovers over the link, however, the ms-appinstaller: prefix is visible. Clicking the link makes the browser hand the URL to the program the Microsoft Store uses to install packages (AppInstaller[.]exe), which downloads and runs whatever sits at the other end of the link. In the current attacks the link points to a small text file (an XML manifest) called Adobe[.]appinstaller, which in turn directs the installer to a larger package (named Adobe 1.7.0.0 x64appbundle) hosted at another URL. An installation prompt appears, together with a notice that the package is digitally signed with a certificate issued a few months earlier.

Victims are then asked to approve installation of an “Adobe PDF Component”. If they grant permission, BazarBackdoor is delivered and executed on the compromised system within seconds.
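The delivery chain described above (a ms-appinstaller: link, the small .appinstaller manifest it fetches, and the larger package that manifest points to) is straightforward to triage from an email or a saved phishing page. The following Python script is an added example written for this page; it is not code from the original article or from Sophos. It assumes the public form of the protocol link (ms-appinstaller:?source=<URL>) and the public .appinstaller XML schema (an AppInstaller root element with a MainBundle or MainPackage child). The HTML snippet, the manifest, the hostnames (on the reserved .invalid domain) and the publisher name are all constructed; the file names merely echo the ones named in the article and are not real indicators.

```python
"""Triage helper for ms-appinstaller phishing links (added example, not the
article's or Sophos' code). Assumes ms-appinstaller:?source=<url> links and
the public .appinstaller XML schema. All sample data below is constructed."""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, unquote

APPINSTALLER_NS = "{http://schemas.microsoft.com/appx/appinstaller/2017/2}"

# Constructed phishing page: the visible text promises a PDF, but the second
# href hands its URL to AppInstaller.exe via the ms-appinstaller: handler.
SAMPLE_HTML = """
<p>Please review the customer complaint.</p>
<a href="https://cdn.example.invalid/complaint.pdf">Download (mirror)</a>
<a href="ms-appinstaller:?source=https://files.example.invalid/Adobe.appinstaller">
  Preview PDF
</a>
"""

# Constructed .appinstaller manifest of the kind such a link would fetch.
# Hosts and publisher are hypothetical.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<AppInstaller xmlns="http://schemas.microsoft.com/appx/appinstaller/2017/2"
              Version="1.7.0.0"
              Uri="https://files.example.invalid/Adobe.appinstaller">
  <MainBundle Name="Adobe.PDFComponent"
              Publisher="CN=Example Signer Ltd, O=Example Signer Ltd, C=US"
              Version="1.7.0.0"
              Uri="https://files.example.invalid/Adobe_1.7.0.0_x64.appxbundle"/>
</AppInstaller>
"""

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def extract_hrefs(html):
    """Return every href value on the page, in document order."""
    return HREF_RE.findall(html)


def ms_appinstaller_source(href):
    """If href uses the ms-appinstaller: scheme, return the URL it tells
    AppInstaller.exe to fetch; otherwise return None."""
    parts = urlsplit(href.strip())          # urlsplit lower-cases the scheme
    if parts.scheme != "ms-appinstaller":
        return None
    # The payload location lives in the query: ms-appinstaller:?source=https://...
    sources = parse_qs(parts.query, keep_blank_values=True).get("source")
    if not sources or not sources[0]:
        return None
    return unquote(sources[0])


def parse_appinstaller_manifest(xml_text):
    """Pull the fields an analyst wants from an .appinstaller manifest:
    package name, signing publisher, version and the real payload URL."""
    root = ET.fromstring(xml_text)
    if root.tag != APPINSTALLER_NS + "AppInstaller":
        raise ValueError("not an .appinstaller manifest: %s" % root.tag)
    main = root.find(APPINSTALLER_NS + "MainBundle")
    if main is None:
        main = root.find(APPINSTALLER_NS + "MainPackage")
    if main is None:
        raise ValueError("manifest has no MainBundle/MainPackage element")
    return {
        "kind": main.tag.replace(APPINSTALLER_NS, ""),
        "name": main.get("Name"),
        "publisher": main.get("Publisher"),
        "version": main.get("Version"),
        "payload_uri": main.get("Uri"),
    }


def triage(html, fetch_manifest):
    """Walk the page's links; for each ms-appinstaller: link, fetch the
    manifest through the caller-supplied function and parse it."""
    findings = []
    for href in extract_hrefs(html):
        source = ms_appinstaller_source(href)
        if source is None:
            continue
        report = {"href": href, "manifest_uri": source}
        try:
            report.update(parse_appinstaller_manifest(fetch_manifest(source)))
        except (ET.ParseError, ValueError) as exc:
            report["error"] = str(exc)   # keep the finding even if parsing fails
        findings.append(report)
    return findings


def offline_fetch(uri):
    """Stand-in for an HTTP fetch so the example runs without network."""
    if uri == "https://files.example.invalid/Adobe.appinstaller":
        return SAMPLE_MANIFEST
    raise ValueError("no offline copy of " + uri)


if __name__ == "__main__":
    for finding in triage(SAMPLE_HTML, offline_fetch):
        for key, value in finding.items():
            print("%-13s %s" % (key + ":", value))
```

In a real investigation, replace offline_fetch with a fetch from a sandboxed host, and treat the Publisher string with suspicion: as the article notes, the package in this campaign was validly signed, so a signature alone says nothing about intent.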

BazarBackdoor’s abuse of the Windows AppInstaller feature has so far been unusual. According to the researchers, this case may encourage other attackers to adopt the same approach, so companies and security software vendors are advised to put defences in place to detect and block such attacks, for instance by flagging ms-appinstaller: links in email and on web pages.
