This is what the cyber security company warns Proof point. It was in May this year that the company first observed the form of the campaign, becoming a well-designed website and a streaming website with fake movies.
Instead of offering movies, the web distributes Busloader, Although it may seem inactive at first, it actually has the ability to download and install additional modules on the victim’s computer. Therefore, many attackers use it to download Modules with ransomware Dangerous as Rukin and Conti.
Bravo Movies: A Fake Movie Website
The main route of distribution Busloader Way Bravo Movies. For potential victims, their trial and trial period ends soon, unless they are unsubscribed from Bravo Movies on a monthly basis. You will receive an email stating that you will be charged 39.90.
That streaming platform does not actually exist, and email tries to scare users into calling a phone number. Leads users through the web with movie covers, FAQs, pricing details, and trial.
When a user logs in to unsubscribe, they are asked to download Excel Spreadsheet. When they open it, the document asks them to “activate the content”, from where they begin to execute the macros that the loader downloads.
Grammatical errors or fake websites: Check emails
The attackers clearly know that many users have subscribed Streaming platforms During an epidemic, in some cases they may have forgotten one of those platforms. So, they go to fake website and cancel the subscription because they are trying to intimidate the users.
As is always the case with these types of attacks, it is important to know the type of mail we receive, if we have actually subscribed to this service. A simple Google search shows us that the web does not exist. Checking the email for strange language is also an important sign that this is a fake email. For example, “We’re lucky you like it” is clearly misspelled, where many of these hackers do not have English as their first language, and they make a number of spelling and grammatical mistakes. It is also important to know How to protect yourself from ransomware.
The attackers used various domains such as Urbancinema.net, bravomovies.net and bvcinema.net. None of them work anymore.