Fake landing pages have become the main method of cybercrime scams. Scammers have created hundreds of Netflix and Disney+ knockoffs over the last few years. The BazaLoader team has also created fake websites before, including a convincing imitation of an underwear retailer. But BravoMovies really surpassed them.
Sherrod DeGrippo, senior director of threat research and detection at Proofpoint, said: “We have never seen a complete fake streaming website before.” “This is the next level of creativity in social engineering.”
The details of the BravoMovies website do not always stand up to scrutiny, but they at least lend the company a little credibility. The homepage offers not only HD but also “Full HD” and 4K streaming. Its categories are familiar, even if the titles clearly are not. It advertises mainstream perks such as offline viewing and downloading, and compatibility with a range of devices, including, confusingly, Blu-ray players.
To produce convincing movie thumbnail posters, the attackers pulled images from the design-focused social network Behance, as well as from an advertising company and a book titled How to Steal a Dog. The results lean toward the absurd, but honestly, not much more so than what you might find at the bottom of a Netflix queue.
To the extent that the mistakes do pop out, well, maybe they do for you. “We have seen phishing pages built on free website builder sites that look like kids made them, but these pages are still successful,” Hasold said. “If someone has reached the point where they have reached this landing page, the small spelling errors that might trigger red flags for most people may not have much impact.”
The scope of this activity and its ultimate goal are unclear. As a backdoor, BazaLoader acts as a staging area for more specialized malware that arrives later. Think of it as the Bifröst bridge of Norse legend, except that it provides a channel for ransomware rather than grumpy Viking gods. Proofpoint said it did not observe what the second-stage payload was, but BazaLoader is closely tied to the group behind the infamous Trickbot malware.
The complexity of the BravoMovies method also has its drawbacks. Although it conveniently bypasses email protections, it’s easier to get people to click than to call. Proofpoint’s DeGrippo said: “Because it relies heavily on human interaction—that is, someone actually picks up the phone and makes a call—the receiver is less likely to come into contact with the threat actor.” She added that the BazaLoader team usually sends thousands of emails in a given campaign, with a wide range of targets across regions and industries.
Nevertheless, the fact that they invested so much time and energy suggests that, despite the complexity of the plan, it must be effective. There are more exciting heist plots. But this one scores, at least, for originality.