
Sideloading: A New Malware Delivery Method via Spam Email

A threat actor known for deploying Trickbot and BazarLoader payloads is now delivering malware through spam email that relies on sideloading.


Cybercriminals often rely on different malware campaigns to exploit new vulnerabilities and break into critical network systems. The latest security research from the Mimecast threat center uncovered a new malware campaign that uses the sideloading technique. The threat actor behind this campaign is known for delivering Trickbot and BazarLoader malware payloads to compromised systems, which leads to ransomware attacks.

What is Sideloading?

Sideloading is the process of adding an application that is not vetted by the developer of the mobile’s operating system. Threat actors leverage the sideloading technique to spread malware to end-users via fake or malicious apps. The sideloading method enables access to mobile applications that are unavailable in official app stores.

Exploiting Microsoft Feature

The researchers stated that the attackers behind the campaign had exploited a feature in Microsoft’s App Installer. The App Installer is a software component of Windows 10 used for the installation and maintenance of applications. It allows users to sideload Windows 10 apps from a web page while bypassing the Windows store.

“Unfortunately, a threat actor known for spreading Trickbot and BazarLoader, which deliver spam often resulting in ransomware attacks, has exploited this feature. This is yet another example of the importance of updated email antispam software to help prevent ransomware attacks,” the researchers said.

The researchers found that scammers sent legitimate-looking emails with malicious attachments to unwitting users, tricking them into clicking or downloading. The attackers created a sense of urgency by using a customer complaint as the email subject. Rather than downloading the attachment directly, users are tricked into thinking they need an app to view it. But when users click install, they end up downloading an app bundle used by Windows 10 that contains malware.

The researchers claim that this campaign has been seen more than 16,000 times across various countries, including the U.S., the U.K., Germany, Australia, and South Africa.


This campaign underscores the importance of organizations implementing robust email security software to prevent malware threats. Companies can deploy effective email antispam security and train their employees on phishing threats, strengthening their overall security posture.
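
Because the delivery path described above depends on an email link that hands the user off to App Installer, a mail-side check can flag such links before delivery. The following is an added example, not code from Mimecast or from this article; the `ms-appinstaller:` URI scheme and the package file extensions are Windows details the article does not name, and the sample message with its `example.invalid` hosts is constructed.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# File types that Windows App Installer opens (assumption: not listed in the article).
PACKAGE_EXTS = (".appinstaller", ".appx", ".appxbundle", ".msix", ".msixbundle")

# Constructed sample message, modelled on the "customer complaint" lure described above.
SAMPLE = """\
From: billing@example.invalid
To: user@example.invalid
Subject: Customer complaint
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please review the complaint report.</p>
<a href="ms-appinstaller:?source=https://files.example.invalid/viewer.appxbundle">Preview PDF</a>
<a href="https://www.example.invalid/help">Help</a></body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every anchor tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href.strip())

def classify_link(href):
    """Return a reason if the link leads to an App Installer sideload, else None."""
    parts = urlsplit(href)
    if parts.scheme == "ms-appinstaller":
        source = parse_qs(parts.query).get("source", ["unknown"])[0]
        return f"App Installer handoff, package source={source}"
    if parts.scheme in ("http", "https") and parts.path.lower().endswith(PACKAGE_EXTS):
        return "direct link to a Windows app package"
    return None

def triage_message(raw):
    """Return (href, reason) for every sideload-style link in the HTML parts of a message."""
    findings = []
    for part in email.message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            findings += [(h, r) for h in collector.links if (r := classify_link(h))]
    return findings
```

A mail gateway or triage script can quarantine or annotate any message for which `triage_message` returns findings, since legitimate business email rarely asks the recipient to install an app in order to read an attachment.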