The Bazar Trojan Strikes

Getting a bonus is always good… unless it’s an advanced Bazar Trojan in disguise


Security researchers have found a dangerous variant of the Bazar Trojan that takes control of your machine and hands it to hackers, who can then do with it what they want. As with most advanced malware, its method of entry is phishing email.

How is the Bazar Trojan spreading?

The phishing emails that are the vehicles for delivering the Bazar Trojan are targeting the industries of healthcare, technology, manufacturing and logistics across North America and Europe.

These emails are worded to pique the curiosities of the employees working in these sectors. And whatever the differences in these industries, one email that excites every employee in the world is an email that promises a bonus.

Along with the ruse of a bonus, some of these emails follow the themes of customer complaints, billing reports, and other common triggers for enterprise employees. In the body of the email is a phishing link which redirects to a PDF file which supposedly contains “additional information” on the matter. When the user attempts to download the PDF, the Bazar Trojan gets installed on the victim’s machine.

How does the Bazar Trojan work?

Security researchers say this particular strain of the Bazar Trojan is equipped with advanced anti-detection mechanisms. Its malicious API calls are made only when needed and remain dormant otherwise. Because these calls aren’t always active, the trojan manages to hide its malicious code, which in turn makes it harder for anti-virus solutions to detect the Bazar Trojan as it does its dirty work.

But the trojan itself doesn’t do much. All it does is create backdoor accounts on the system. Using these accounts, hackers can then log in and gain full access to the machine. They can also reach the network the compromised machine is a part of and deliver malware over that network to other victims.

The hackers can use these backdoors for their own malicious purposes, such as data theft or data corruption. Or they can sell this direct access to other hackers for a price, making money for themselves.
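As an added defensive example (not code from the original post), the following script looks for the backdoor-account pattern described above in Windows Security log records: event 4720 (user account created) followed within a short window by event 4732 (member added to a security-enabled local group) that places the new account in Administrators. It assumes a simplified pipe-delimited record format rather than raw EVTX; the sample records are constructed.

```python
"""Flag newly created local accounts that are promoted to Administrators.

Added example, not part of the original post. Watches Windows Security
events 4720 (account created) and 4732 (member added to local group) and
alerts when a fresh account lands in Administrators within a short window.
Records are assumed to be pre-extracted into "time|event_id|subject|target|group".
"""
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    "2021-02-01T09:12:03|4720|CORP\\jsmith|CORP\\svc_backup|",
    "2021-02-01T09:12:20|4732|CORP\\jsmith|CORP\\svc_backup|Administrators",
    "2021-02-01T10:00:00|4720|CORP\\helpdesk|CORP\\new.hire|",
    "2021-02-02T08:30:00|4732|CORP\\helpdesk|CORP\\new.hire|Remote Desktop Users",
]

# Assumed tuning value: promotion this soon after creation is worth a look.
PROMOTION_WINDOW = timedelta(minutes=10)


def parse_event(line):
    """Split one simplified record into its fields."""
    ts, event_id, subject, target, group = line.split("|")
    return {"time": datetime.fromisoformat(ts), "id": int(event_id),
            "subject": subject, "target": target, "group": group}


def find_backdoor_candidates(lines, window=PROMOTION_WINDOW):
    """Return (account, actor, created_at, promoted_at) for each account
    created by a 4720 event and added to Administrators by a 4732 event
    no more than `window` later."""
    events = [parse_event(line) for line in lines]
    created = {e["target"]: e["time"] for e in events if e["id"] == 4720}
    hits = []
    for e in events:
        if e["id"] == 4732 and e["group"] == "Administrators":
            created_at = created.get(e["target"])
            if created_at is not None and timedelta(0) <= e["time"] - created_at <= window:
                hits.append((e["target"], e["subject"],
                             created_at.isoformat(), e["time"].isoformat()))
    return hits


if __name__ == "__main__":
    for account, actor, created_at, promoted_at in find_backdoor_candidates(SAMPLE_EVENTS):
        print(f"ALERT: {account} created {created_at}, promoted to Administrators "
              f"{promoted_at} by {actor}")
```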


3 Techniques for Preventing Such Trojan Attacks

So, how can you keep the Bazar Trojan at bay? There are some potent steps you can take.

Patch up your applications

Sometimes, security holes left behind in an application release can cause trouble. Typically, the vendor fixes these known bugs (reported by users or uncovered by the developers) in future releases. If you do not update to these releases in a timely manner, you leave a security gap for hackers to exploit. Although this particular case of the Bazar Trojan used email to gain illegal access to the victim’s machine, malware can also get in through these security gaps. So it’s always a safe bet to update all your applications as soon as an update rolls out.

Security training

You may have read this advice on several of our previous blogs, but we’re repeating it because it carries that much weight. Awareness can keep even the most advanced attacks away. Conduct security webinars in your organization so every last employee stays up to date on security best practices and does not take an emotional or foolhardy action in response to a phishing attempt.

Additionally, you can put incident response procedures in place in case you realise you’ve fallen prey to a malware attack. This will help you recover in an orderly way instead of running helter-skelter and not knowing what to do.

Invest in an email security solution

Email is the most popular point of entry for malware attacks. An email security service will do the heavy lifting for you. Modern email threat protection tools come with intelligent threat detection capabilities that learn to protect your email against emerging threats. Coupled with the patching and training practices above, an email security service will round off your security posture and make your business far more resilient against security threats.

Take a look at our Talos Intelligence enabled Cisco Email ATP service which provides all the modern features we just discussed. It also comes with add-on DMARC and bulk emails.

Reading Resource: The Ultimate Guide To Prevent Phishing. If you have specific security queries bespoke for your niche market, we can discuss those too! Just drop us a query and someone from our team will respond in no time.


Frequently Asked Questions

What is a trojan virus?

A Trojan Horse is a type of malware which enters your system disguised as legitimate software. The victim, falsely trusting the software, invokes the trojan by interacting with it, which in turn triggers its malicious activities such as data corruption and theft.

What is a backdoor account?

Backdoor accounts are a means of illegally and remotely accessing a device by bypassing its normal authentication and verification. They are typically created by malware which then exits the system, leaving a way in for further infection later on.

What are zero-day attacks?

Zero-day attacks are cyber attacks that exploit security holes in software before a fix has been released or applied. Typically, when software developers become aware of bugs and security holes in their application, they patch the vulnerability in a new software version. If you fail to update to that version, you leave the vulnerability wide open for exploitation.
