June 3, 2020 By Tara Seals
The stealthy backdoor is delivered via mass-market phishing emails that are well-crafted to appear convincing.
A new module for the infamous trojan known as TrickBot has been deployed: A stealthy backdoor that researchers call “BazarBackdoor.”
The binary was first spotted being delivered as part of a phishing campaign that began in March, according to an analysis from Panda Security this week. The campaign used the legitimate marketing platform Sendgrid to reach targets in a mass-mailing fashion; however, the emails were well-crafted, with the operators making an effort to make the phishing links inside the emails look legitimate. The link addresses also corresponded to the emails’ lures, researchers said.