Callback phishing only emerged in March 2021 with the BazarCall campaign, which used phishing emails purporting to be from various subscriptions to distribute the BazarLoader malware. The attacks have since become a formidable cybersecurity threat following their adoption by numerous threat groups, such as Quantum, Silent Ransom Group, and the Royal ransomware operation, BleepingComputer reports.
While threat actors continue to leverage the same phishing lure of invoices for payments to Microsoft, Norton, Geek Squad, PayPal, and McAfee, they have since implemented new social engineering techniques, according to a Trellix report. One of the new attacks involved phishing emails urging recipients to contact the scammer at the provided number, where they are asked to provide verification details. The scammer then claims that these details are not in their system and that the email received was spam that may have prompted a malware infection, before handing the victim off to a technical specialist, who then aids in the installation of malware in the guise of an antivirus program. Most of the new campaigns involved the delivery of the 'support.Client.exe' executable, which prompts the installation of the ScreenConnect remote access tool, said Trellix.