The new trojan BazarLoader is used by TrickBot gang to deploy Ryuk ransomware on high-value targets
TrickBot gang is known for using the trojans to compromise the enterprise networks by downloading software modules with the purpose of stealing passwords and further distribution. Those modules have been analyzed over time and the protection level against them has increased. Starting from April 2020 TrickBot has started using BazarLoader infection in their attacks. "The BazarBackdoor “blending-in“ simplicity and obfuscation layer allows the payload to be a better choice for high-value targets," according to Adavanced Intel security researchers. Read more...