Phishing campaign threatens job security, drops Bazar and Buer Malware

A spear-phishing campaign is threatening targets with false claims of employment termination due to economic impacts from the global pandemic. The goal of the attacker is to intimidate employees into clicking on a link that will ultimately lead to Bazar or Buer malware infections by way of Trickbot. This campaign employs a number of lures that threaten job security to coerce targets into clicking on the provided URL. The phishing messages are very simple and appear to originate from persons of authority within the targeted company, focusing on either employment termination or customer complaints. The use of common cloud-based hosting services allows the attacker to circumvent URL scanning techniques, as well as enables them to easily create new malicious links in the event that their URLs are identified as phishing pages.