This fake movie streaming service actually installs a backdoor

Canceling your BravoMovies subscription will infect your system with malware

Cybercriminals have created a fake streaming service with the end goal of tricking users into installing the BazaLoader trojan on their systems, according to new research from Proofpoint.

The cybersecurity firm first observed the entertainment-themed campaign in May of this year as it masqueraded as a real streaming service online with a slick website featuring fake movies.

The campaign itself is used to spread BazaLoader, which has the capability to download and install additional modules on victims' systems. Multiple threat actors are currently using the loader to distribute ransomware, including Ryuk and Conti.

According to Proofpoint’s analysis, the firm can say with high confidence that there is a strong overlap between the distribution and post-exploitation activity of BazaLoader and the cybercriminals behind the Trickbot malware.

BravoMovies

The latest BazaLoader campaign begins with potential victims receiving an email telling them that their trial period is over and that they will be charged $39.99 per month unless they cancel their subscription to the fake streaming service BravoMovies.

These phishing emails contain a phone number that users can call if they wish to cancel their subscription. If a user calls this number, a customer service representative will then verbally guide them to BravoMovies' website. The cybercriminals behind this campaign have certainly done their homework, as the site looks like a real streaming service complete with fake movies and posters, an FAQ, pricing details and even a free trial.

When a user visits the BravoMovies website, heads to the FAQ section and follows the directions to unsubscribe via the “Subscription” page, they will be asked to download an Excel spreadsheet. This document then asks them to “Enable Content”, and malicious macros are used to download BazaLoader.
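For defenders, the point where this chain can be caught is the downloaded spreadsheet itself, before anyone clicks “Enable Content”. The following is an added example, not code from Proofpoint or the original article: a triage check that flags macro-bearing parts inside an Excel file. The sample files are constructed in memory and are not real workbooks, and the function and variable names are hypothetical.

```python
import io
import zipfile

# Magic bytes of the legacy OLE2 compound file format used by .xls
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def macro_indicators(data: bytes) -> list[str]:
    """Return reasons a downloaded spreadsheet may carry macros (empty if none found)."""
    reasons = []
    if data.startswith(OLE2_MAGIC):
        # Legacy binary workbook: macros cannot be ruled out without an OLE parser.
        reasons.append("legacy OLE2 container (needs deeper macro analysis)")
        return reasons
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return reasons  # not an Office Open XML package
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            lower = name.lower()
            if lower.endswith("vbaproject.bin"):
                reasons.append(f"VBA project: {name}")
            elif lower.startswith("xl/macrosheets/"):
                reasons.append(f"Excel 4.0 macro sheet: {name}")
    return reasons

def _build_sample(parts: dict[str, bytes]) -> bytes:
    """Constructed sample: a minimal zip with the given part names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed inputs covering each case the check distinguishes.
CLEAN = _build_sample({"[Content_Types].xml": b"<Types/>", "xl/workbook.xml": b"<workbook/>"})
WITH_VBA = _build_sample({"xl/workbook.xml": b"<workbook/>", "xl/vbaProject.bin": b"\x00"})
WITH_XLM = _build_sample({"xl/workbook.xml": b"<workbook/>", "xl/macrosheets/sheet1.xml": b"<macrosheet/>"})
LEGACY = OLE2_MAGIC + b"\x00" * 504

if __name__ == "__main__":
    samples = [("clean", CLEAN), ("vba", WITH_VBA), ("xlm", WITH_XLM), ("legacy", LEGACY)]
    for label, blob in samples:
        print(f"{label:7s} {macro_indicators(blob) or 'no macro parts found'}")
```

A hit means the file deserves quarantine and deeper analysis, not that it is malicious; an empty result does not clear a file either, since it only covers the container parts listed here.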

This campaign has been successful so far because many viewers signed up for and then canceled multiple streaming services during the pandemic. Cybercriminals are well aware of these behaviors, which is why they used them to their advantage when launching this new BazaLoader campaign.

To avoid falling victim to this and similar campaigns, users should only sign up for reputable streaming services after doing their research, and remember that if something seems too good to be true, it probably is.

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
