Wednesday, May 29, 2024

BazarBackdoor Spreads via Malicious CSV Files


A new phishing campaign has been discovered that uses specially prepared CSV text files to infect targeted devices with malware. The malware installed is the BazarBackdoor or BazarLoader trojan.

CSV files are used

  • In the last two days, researchers have identified 102 actual (non-sandbox) firms, as well as government victims.
  • A security researcher discovered a phishing campaign in which the phishing emails pose as Payment Remittance Advice and link to external sites that download a CSV file, document-21966[.]csv.
  • The document-21966[.]csv file is a plain text file with data columns separated by commas; one of the data columns contains an unusual WMIC call that runs a PowerShell command.
  • The Dynamic Data Exchange (DDE) function in this campaign uses WMIC to create a new PowerShell process, which opens a remote URL containing another PowerShell command that is then executed as well.
  • The remote PowerShell script command downloads the picture[.]jpg file and saves it as 87764675478[.]dll. The DLL file is used to install BazarLoader and to deploy BazarBackdoor and other payloads.
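A defender-side check for the CSV pattern described in the list above, as an added example that is not part of the original article: it parses a CSV and flags any cell shaped like a DDE call (`=APP|'TOPIC'!ITEM`), rating WMIC, PowerShell and similar launchers as high severity. The function name `scan_csv`, the `LAUNCHERS` watchlist and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# A DDE link typed into a cell has the shape  =APP|'TOPIC'!ITEM ; Excel is
# asked to start APP. A leading +, - or @ is also evaluated as a formula.
DDE_CELL = re.compile(r"^\s*[=+\-@]\s*([\w.\\/:]+)\s*\|(.*)$", re.S)

# Assumed watchlist of programs that have no business being a DDE server.
LAUNCHERS = {"wmic", "cmd", "powershell", "mshta", "rundll32", "regsvr32"}


def scan_csv(text):
    """Return (row, column, app, severity) for every DDE-shaped cell."""
    findings = []
    for r, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        for c, cell in enumerate(row, start=1):
            m = DDE_CELL.match(cell)
            if not m:
                continue
            # Normalise: drop any path and .exe suffix, ignore letter case.
            app = re.split(r"[\\/]", m.group(1).lower())[-1]
            if app.endswith(".exe"):
                app = app[:-4]
            topic = m.group(2).lower()
            hit = app in LAUNCHERS or any(name in topic for name in LAUNCHERS)
            findings.append((r, c, app, "high" if hit else "medium"))
    return findings


# Constructed sample: the command is an inert placeholder, not campaign data.
SAMPLE = '''Invoice,Amount,Note
INV-1001,-250.00,=SUM(B2:B9)
INV-1002,120.00,"=WmiC|'process call create ""powershell <placeholder>""'!A0"
'''

if __name__ == "__main__":
    for row, col, app, severity in scan_csv(SAMPLE):
        print(f"row {row} col {col}: DDE call to {app!r} ({severity})")
```

Ordinary formulas and negative numbers are not flagged, so the check can run on inbound attachments at a mail gateway or over a downloads folder without drowning in normal spreadsheets.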

Additional information

When the CSV file is opened in Excel, Excel detects the DDE call and displays a dialogue box flagging it to the user as a security issue.

Even if the feature is enabled, Excel still requires the user to confirm that WMIC has permission to access the remote data.

If the user accepts both prompts, Excel runs the PowerShell scripts that download the DLL and install BazarBackdoor.


BazarBackdoor is a significant threat that allows threat actors to gain access to systems on business networks. Businesses should therefore be aware of it and of the accompanying attack methods. Experts also advise deploying dependable anti-malware solutions and training personnel to spot phishing emails.

