The malware BazarCall has been distributed by fake call centers since January 2021. Threat actors use that malware to install BazarLoader malware.
Initially, the campaign started as a regular phishing campaign, but it evolved into creating fake call centers to distribute malicious Excel documents that install the malware.
Victims get an email about canceling a subscription before they get automatically charged money, and to cancel the subscription they need to call the number in the email. The call centers then direct users to the attacker's website where they can download a fake cancellation form which is actually BazarCall malware.