The Microsoft team has described on Twitter how a new ransomware campaign operates, one that has been putting users at risk for months.

Fake emails, phone numbers of an illegal call center and malicious code in Excel sheets are part of the strategy used by cybercriminals for this attack.



The Microsoft cybersecurity team has been monitoring this threat, and details the steps cybercriminals take to mislead users:

We are tracking an active BazaCall malware campaign leading to human-operated attacks and the deployment of ransomware. BazaCall campaigns use emails that entice recipients to call a number to unsubscribe from a certain service.

So it all starts with an email that “informs” the user that the trial period of a certain service is about to expire, and since the payment method is already registered, the subscription will proceed.

At this point, the user is nervous enough to call the phone number attached to the email, falling into the trap. Once they reach one of the phone numbers, they are asked to go to a website and download an Excel file to unsubscribe.

If the user follows all these steps and opens the Excel file, they will notice that Microsoft displays a security warning, as you see in the image above. But if the user ignores this wake-up call and enables the content, malicious code is installed, opening the door of their computer to cybercriminals.

Most users trust that email services usually detect spam and threats, removing them from the inbox. However, as the Microsoft team mentions, these types of emails are difficult to detect, as they do not contain malicious elements that trigger security system alarms.
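Because these emails carry no link or attachment, a mail filter has to look at what they ask the reader to do. The following Python sketch is an added example, not Microsoft's detection logic: it flags messages that combine subscription or trial wording, a phone number and a request to call, while containing no URL or file. The keyword lists, function names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed lure vocabulary, drawn from the article's description of the emails.
LURE = re.compile(r"\b(trial|subscription|renew\w*|charged?|unsubscribe|cancel\w*)\b", re.I)
CALL = re.compile(r"\b(call|phone|dial)\b", re.I)
PHONE = re.compile(r"(?<!\d)(?:\+?\d{1,2}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
URL = re.compile(r"https?://|www\.", re.I)

def body_and_attachments(msg):
    """Return (decoded text of all text parts, number of attached files)."""
    texts, attachments = [], 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            attachments += 1
        elif part.get_content_type() in ("text/plain", "text/html"):
            data = part.get_payload(decode=True) or b""
            texts.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(texts), attachments

def callback_phish_signals(raw):
    """Evaluate each signal separately so an analyst can see why a message was flagged."""
    msg = message_from_string(raw)
    body, attachments = body_and_attachments(msg)
    text = f"{msg.get('Subject', '')}\n{body}"
    return {
        "lure_terms": len({t.lower() for t in LURE.findall(text)}) >= 2,
        "phone_number": bool(PHONE.search(text)),
        "call_to_action": bool(CALL.search(text)),
        "no_links_or_files": not URL.search(text) and attachments == 0,
    }

def is_suspect(raw):
    # Route to review only when every signal is present; this is triage, not a verdict.
    return all(callback_phish_signals(raw).values())

# Constructed sample messages (not real campaign mail).
SAMPLE_LURE = ("Subject: Your free trial is ending\n\n"
               "Your trial expires today and the subscription will be charged.\n"
               "To cancel, call 555-010-0199.\n")
SAMPLE_RECEIPT = ("Subject: Subscription receipt\n\n"
                  "Thanks for renewing your subscription. Manage it at "
                  "https://example.invalid/account or call 555-010-0123.\n")
SAMPLE_COLLEAGUE = "Subject: Lunch\n\nCall me on 555-010-0142 when you are free.\n"
```

Only the first sample is flagged: the receipt contains a link, and the colleague's note has no subscription wording.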