Over the years, the strategies to steal
passwords have been refined. The methods of
persuasion used by hackers to achieve their goal are increasingly varied. This time,
It involves combining an email and a phone call. Like this,
They want the victim to download malware in order to then have free rein to
steal passwords or introduce ransomware.
On this occasion, The victim receives an email, So far
nothing new. This email tells them that they have a subscription on a
payment platform and that to cancel it they must call a number
phone, mentioned in the email. The user becomes alarmed and thinks
que le han robado la cuenta o ha habido algún problema similar.
En esa llamada, el atacante le indica a la víctima que tiene
que descargar un archivo para cancelar la suscripción. El atacante guía a la
víctima hasta que ha descargado el archivo, que resulta ser un malware.
Concretamente, esta estafa consiste en simular ser un
servicio de streaming, tan populares ahora. Estos datos robados terminan en la
dark web y pueden ser usados por terceros para robar información y llevar a
cabo suscripciones fraudulentas.
Volviendo a la llamada telefónica, la víctima descarga e
instala BazaLoader, un malware que abre una puerta trasera en los sistemas
Windows. El atacante así va a tener control total sobre el sistema y puede
desplegar diferentes estrategias y colar otras variedades de malware.
These attacks can range from information theft,
stealing files, infecting the computer in various ways or introducing a
ransomware.
In these cases, it is recommended to use common sense. It is essential to know how to recognize a website as a phishing attack, as well as it is essential to have security programs that can protect us.