There are reports of the BazarLoader malware being spread via website contact pages:
Cedric Pernet’s article on TechRepublic starts with an excellent quote/reminder:
Everyone in the IT industry should be aware by now that email is the most used vector for cybercriminals to try to infect employees with malware.
Cedric Pernet on TechRepublic
Cybersecurity: Attacker uses websites’ contact forms to spread BazarLoader malware | TechRepublic
The BazarLoader malware is designed to be stealthy and resilient and when it infects a computer is commonly used to download further malware to the machine. But for it to carry out these malicious tasks it first has to get to the victim’s computer – using a website contact form is a new approach – the attackers will try anything that they think will lower your threat radar.
Social Engineering and Email Cyber Security Training
This type of social engineering attack is one that technical defences have trouble with, as the attacker has exploited the human tendency to trust, in establishing a relationship with the victim.
Smart Thinking Solutions in association Octagon Technology, run an excellent online training course that equips people to recognise and react to these types of social engineering attacks as well as reinforcing the technical side of cyber security defences.
Our next two courses are scheduled for:
31 March 2022 – 15.00 to 17.00
4 April 2022 – 08.00 10.00
Contact us for details or for the link to the EventBrite booking page to secure your place or places for your team. I think Kamila is going to be running an “Early Bird” promotion so quick is good.
Clive Catton MSc (Cyber Security) – by-line and other articles