A new phishing campaign has been discovered that infects targeted devices with malware using specially crafted CSV text files. The malware it installs is the BazarBackdoor or BazarLoader trojan.
When the CSV file is opened in Excel, the program detects the DDE call and displays a dialogue box warning the user of a security issue.
Even if the feature is enabled, Excel will require the user to confirm that WMIC has permission to access the remote data.
If the user accepts both prompts, Excel runs the PowerShell scripts that download the DLL and install BazarBackdoor.
BazarBackdoor is a significant threat that gives threat actors access to systems on business networks. Businesses should therefore be aware of this issue and the accompanying attack methods. Experts also advise deploying dependable anti-malware solutions and training personnel to spot phishing emails.
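A defensive check for the delivery method described above, as an added example that is not from the original article: it parses a CSV attachment and flags cells Excel would evaluate, singling out DDE references to WMIC or PowerShell. The function names, the `cmd` entry and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# A cell Excel treats as a formula starts with =, +, - or @.
FORMULA_START = re.compile(r"^\s*[=+\-@]")
# Plain signed numbers such as -12.5 or +3e2 are not formulas.
SIGNED_NUMBER = re.compile(r"^\s*[+-]\s*\d[\d.,]*(e[+-]?\d+)?\s*$", re.I)
# DDE reference of the form application|topic!item.
DDE_CALL = re.compile(r"([A-Za-z_][\w.]*)\s*\|\s*(?:'[^']*'|[^'!|]+)\s*!")
# WMIC and PowerShell are named in the article; cmd is an added assumption.
HIGH_RISK_APPS = {"wmic", "powershell", "cmd"}


def classify_cell(cell):
    """Return None, 'formula', 'dde' or 'dde-high-risk' for one cell."""
    if not FORMULA_START.match(cell) or SIGNED_NUMBER.match(cell):
        return None
    match = DDE_CALL.search(cell)
    if match is None:
        return "formula"
    app = match.group(1).lower().removesuffix(".exe")
    return "dde-high-risk" if app in HIGH_RISK_APPS else "dde"


def scan_csv(text):
    """Return (row, column, verdict, cell) for every cell Excel would evaluate."""
    findings = []
    for row_no, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        for col_no, cell in enumerate(row, start=1):
            verdict = classify_cell(cell)
            if verdict:
                findings.append((row_no, col_no, verdict, cell))
    return findings


# Constructed sample: the DDE arguments are a placeholder, not a real command.
SAMPLE = (
    "invoice,amount,note\n"
    "1001,-12.50,paid\n"
    "1002,+3e2,=SUM(B2:B3)\n"
    "1003,10,\"=WMIC|'<arguments removed>'!A0\"\n"
    "1004,7,=MSEXCEL|'<arguments removed>'!A1\n"
)

if __name__ == "__main__":
    for row_no, col_no, verdict, cell in scan_csv(SAMPLE):
        print(f"row {row_no} col {col_no}: {verdict}: {cell}")
```

A mail gateway or triage script could quarantine any attachment with a `dde` or `dde-high-risk` finding and route plain `formula` findings to manual review.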