Geeks for your information


BazaLoader Masquerades as Movie-Streaming Service - silversurfer - 27 May 21

Quote:There’s a new, fake movie-streaming service in town called BravoMovies, and the offerings are utter garbage. Despite its pretty pictures and fun-sounding titles, it’s got nothing to offer for download besides BazaLoader malware.
 
BazaLoader is a loader used to deploy ransomware or other types of malware and to steal sensitive data from victimized systems.
 
On Wednesday, Proofpoint researchers said in a report that they first observed BazaLoader in April 2020. Multiple threat actors are using the downloader, which is written in C++, to load malware such as Ryuk and Conti ransomware. As well, Proofpoint researchers said that they’re confident that there’s a “strong overlap” between the distribution and post-exploitation activity of BazaLoader and the threat actors behind The Trick malware, also known as Trickbot.
 
The BravoMovies campaign uses an elaborate infection chain that’s in keeping with BazaLoader affiliates, who coax their victims into jumping through a number of hoops in order to trigger the malware payloads. It starts with an email telling recipients that their credit cards will be charged unless they cancel their subscription to the service – a subscription that they never signed up for, of course.
Quote:Proofpoint researchers wrote that BravoMovies has the charade down pat. The fake movie-streaming service looks just like a legitimate movie and TV streaming service, complete with fake movie titles as a landing page. In fact, the threat actors jerry-rigged fake posters. “The threat actors used fake movie posters obtained from various open-source resources including an advertising agency, the creative social network Behance, and the book ‘How to Steal a Dog'”, researchers said.

Read more: BazaLoader Masquerades as Movie-Streaming Service | Threatpost