This fake movie streaming service actually installs a backdoor

News
By
published

Canceling your BravoMovies subscription will infect your system with malware

BravoMovies Fake Streaming Service
(Image credit: Proofpoint)

Cybercriminals have created a fake streaming service with the end goal of tricking users into installing the BazaLoader trojan on their systems according to new research from Proofpoint.

The cybersecurity firm first observed the entertainment-themed campaign in May of this year as it masqueraded as a real streaming service online with a slick website featuring fake movies.

The campaign itself is used to spread BazaLoader which has the capability to download and install additional modules on victim's systems. Multiple threat actors are currently using the loader to distribute ransomware including Ryuk and Conti. 

According to Proofpoint's analysis, the firm can say with high confidence that there is a strong overlap between the distribution and post-exploitation activity of BazaLoader and the cybercriminals behind the Trickbot malware.

BravoMovies

The latest BazaLoader campaign begins with potential victims receiving an email telling them that their trial period is over and that they will be charged $39.99 per month unless they cancel their subscription to the fake streaming service BravoMovies.

These phishing emails contain a phone number that users can call if they wish to cancel their subscription. If a user calls this number, a customer service representative will then verbally guide them to BravoMovies' website. The cybercriminals behind this campaign have certainly done their homework as the site looks like a real streaming service complete with fake movies and posters, an FAQ, pricing details and even a free trial.

When a user visits the BravoMovies website, heads to the FAQ section and follows the directions to unsubscribe via the “Subscription” page, they will be asked to download an Excel spreadsheet. This document then asks them to “Enable Content” and malicious macros are used to download BazaLoader.

The reason this campaign has been successful so far is due to the fact that many viewers signed up for and then canceled multiple streaming services during the pandemic. Cybercriminals are well aware of these behaviors which is why they used them to their advantage when launching this new BazaLoader campaign.

To prevent falling victim to this and similar campaigns, users should only sign up for reputable streaming services after doing their research and remember that if something seems too good to be true, it probably is.

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
These fake macOS updates are actually just looking to spread malware
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Mac users targeted with new malware, so be on your guard
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Microsoft reveals over a million PCs hit by malvertising campaign
A hacker typing on a MacBook laptop with code on the screen.
This devious phishing site repurposes legitimate web elements like CAPTCHA pages for malware distribution
A padlock resting on a keyboard.
Understanding and avoiding malvertizing attacks
Latest in Security
healthcare
Software bug meant NHS information was potentially “vulnerable to hackers”
A hacker wearing a hoodie sitting at a computer, his face hidden.
Experts warn this critical PHP vulnerability could be set to become a global problem
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps
Agentic AI has “profound” issues with security and privacy, Signal President says
botnet
Another top security camera maker is seeing devices hijacked into botnet
Bluetooth
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
Latest in News
Apple's Craig Federighi demonstrates the iPhone Mirroring feature of macOS Sequoia at the Worldwide Developers Conference (WWDC) 2024.
Report: iOS 19 and macOS 16 could mark their biggest design overhaul in years – and we have one request
Google Gemini Calendar
Gemini is coming to Google Calendar, here’s how it will work and how to try it now
Lego Mario Kart – Mario & Standard Kart set on a shelf.
Lego just celebrated Mario Day in the best way possible, with an incredible Mario Kart set that's up for preorder now
TCL QM7K TV on orange background
TCL’s big, bright new mid-range mini-LED TVs have built-in Bang & Olufsen sound
Apple iPhone 16e
Which affordable phone wins the mid-range race: the iPhone 16e, Nothing 3a, or Samsung Galaxy A56? Our latest podcast tells all
An image of a Jackbox Games Party Pack
Jackbox games is coming to smart TVs in mid-2025, and I can’t wait to be reunited with one of my favorite party video games
More about security
botnet

YouTubers targeted by blackmail campaign to promote malware on their channels
A hacker wearing a hoodie sitting at a computer, his face hidden.

Experts warn this critical PHP vulnerability could be set to become a global problem
An image of a Jackbox Games Party Pack

Jackbox games is coming to smart TVs in mid-2025, and I can’t wait to be reunited with one of my favorite party video games
See more latest
Most Popular
An image of a Jackbox Games Party Pack
Jackbox games is coming to smart TVs in mid-2025, and I can’t wait to be reunited with one of my favorite party video games
Google Gemini Calendar
Gemini is coming to Google Calendar, here’s how it will work and how to try it now
Ryzen AI Max+ 395
Race to launch most powerful AI mini PC ever heats up as GMKTec confirms Ryzen AI Max+ 395 product for May 2025
Apple iPhone 16e
Which affordable phone wins the mid-range race: the iPhone 16e, Nothing 3a, or Samsung Galaxy A56? Our latest podcast tells all
Apple's Craig Federighi demonstrates the iPhone Mirroring feature of macOS Sequoia at the Worldwide Developers Conference (WWDC) 2024.
Report: iOS 19 and macOS 16 could mark their biggest design overhaul in years – and we have one request
Whirlwind I Computer
Happy birthday, Director! The first operating system in the world turns 70 today
Lego Mario Kart – Mario & Standard Kart set on a shelf.
Lego just celebrated Mario Day in the best way possible, with an incredible Mario Kart set that's up for preorder now
Tesla Model 3
Tesla's EV sales are plummeting – as used Model Y and Model 3 prices crash to bargain levels
TCL QM7K TV on orange background
TCL’s big, bright new mid-range mini-LED TVs have built-in Bang & Olufsen sound
A computer screen showing a spreadsheet in use.
This entire nation's public health department was found to be running on a single Excel spreadsheet