A few months ago it was fake prescription subscriptions. Today it's a fake streaming service. Either way, you get infected with real malware.
According to Proofpoint researchers, the malware crew behind BazarLoader (which Proofpoint calls BazaLoader) may send a fake email notification saying that a trial "subscription" to a fake streaming service called BravoMovies will soon end and that the user will be charged $3995 per month.
"The entertainment-themed campaign was first observed in early May 2021, complete with a slick website featuring fake movies and posing as a streaming entertainment service," Proofpoint researchers Selena Larson and Matthew Mesa wrote in a blog post today (May 26).
"The use of lures to cancel streaming services capitalizes on the growing trend of users canceling online entertainment after the industry's significant growth in 2020."
Naturally, recipients don't want to be charged a fee they don't remember signing up for, so they call the customer support number provided in the email. A friendly service representative directs them to the BravoMovies website. It even displays a fake movie poster.
It is not the movie itself that infects you with malware. Upon entering the site, one is directed to the FAQ section, where there is a page to manage "subscriptions."
After clicking "Cancel," you are prompted to download an Excel spreadsheet. Once the spreadsheet is taken out of "protected mode" and macros are enabled, the BazarLoader malware is installed on the PC.
If this sounds familiar, it is the exact same MO as the previous BazarLoader campaign, which told people they would be charged $70 to $90 per month for a fake medical prescription subscription.
BazarLoader's other recent campaign also involved a malicious customer support call center and included bookstore orders and deliveries of flowers and intimate apparel for Valentine's Day.
The BazarLoader malware is a "dropper" designed to drill holes in Windows systems so that more malware can be downloaded and installed. Proofpoint researchers believe that this particular build of BazarLoader Although they could not confirm what it retrieves from the Internet, droppers have been known to install the TrickBot information stealer and Ryuk ransomware.
As before, the best way to avoid falling for this scam is to take a deep breath before angrily calling a customer service number about a subscription plan you didn't subscribe to. A quick Google search will reveal that BravoMovies, the streaming service, doesn't exist. All we could find was a forum post from three weeks ago complaining about the scam.
If you call that number, you should get a big wake-up call when the Excel spreadsheet is opened on your computer. Never enable macros in Word, Excel, or PowerPoint files downloaded from the Internet. Leave the protected mode on. I cannot stress enough how important this is.
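For defenders who want to check a downloaded spreadsheet before anyone opens it, the following added example (not from Proofpoint or the original article) inspects the file for macro content without launching Excel. The function names and sample files are constructed for illustration, and legacy .xls files are only flagged for review, not parsed.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls/.doc container
MACRO_CT = "macroenabled"  # substring of macro-enabled OOXML content types


def triage_spreadsheet(data: bytes) -> dict:
    """Classify a downloaded spreadsheet by macro indicators, without Excel."""
    result = {"format": "unknown", "indicators": [], "verdict": "review"}
    if data.startswith(OLE_MAGIC):
        # Legacy binary workbooks can carry VBA or Excel 4.0 macros; this
        # sketch does not parse OLE streams, so it only flags the format.
        result.update(format="ole2", indicators=["legacy binary container"])
        return result
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # neither OLE2 nor a zip: leave for manual review
    result["format"] = "ooxml"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        for name in names:
            lower = name.lower()
            if lower.endswith("vbaproject.bin"):
                result["indicators"].append(f"VBA project: {name}")
            elif lower.startswith("xl/macrosheets/"):
                result["indicators"].append(f"Excel 4.0 macro sheet: {name}")
        if "[Content_Types].xml" in names:
            types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            if MACRO_CT in types.lower():
                result["indicators"].append("macro-enabled content type")
    result["verdict"] = "block" if result["indicators"] else "no macros found"
    return result


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like a workbook, not a real one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"\x00constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [("macro", build_sample(True)), ("clean", build_sample(False)),
               ("xls", OLE_MAGIC + b"\x00" * 16)]
    for label, blob in samples:
        print(label, triage_spreadsheet(blob))
```

A "no macros found" verdict only means none of these indicators were present; it is not a clean bill of health for the file.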
The last line of defense, as always, is to install and run the best Windows 10 anti-virus software.