Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
High
In a new wave of phishing attacks, a new malware named ‘BazarBackdoor’, or internally by the malware developers as simply “backdoor”, is being installed that deploys a network-compromising toolkit for the threat actors. The malware has similarities to TrickBot trojan and developers of this malware are likely to be the ones behind Trickbot as well.
The initial attack starts with phishing campaigns that utilize a wide variety of lures such as customer complaints, COVID-19 themed payroll reports and employee termination lists that contain links to documents hosted on Google Docs.
Threat actors have worked specifically on the landing page to ensure that the victim falls prey to the lure and a lot of styling and detailing has been done to make sure that the landing page looks authentic.
Fake payroll template
Fake customer complaint template
When the link is clicked, an executable will be downloaded instead that uses an icon and name associated with the icon shown on the landing page.
After a victim launches the downloaded file, the loader will sleep for a short period of time and then connect to command and control servers to check-in and download the backdoor payload. After the payload is downloaded, it will be filelessly injected into the C:\Windows\system32\svchost.exe process.
A scheduled task will also be configured to launch the loader when a user logs into Windows, which will allow new versions of the backdoor to be routinely downloaded and injected into the svchost.exe process.
MD5
SHA-256
SHA1
URL