Hello, welcome to the Friday, October 23rd, 2020 edition of the Sansonet Storm Center's

Stormcast. My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Jan today took a look at a sample of Bazaar-Lauder Malspam. These emails have a pretty

wide variety of topics

they're trying to use

to trick the user

into clicking on the link

in these emails.

He had, for example,

Halloween parties,

he had bonuses

and, well,

some where you were actually fired.

And all of these emails arrived to the same account in actually a fairly short sequence.

But what's kind of interesting is also the variety of different cloud providers that were

used to store the malicious links and ultimately

the documents. At the top of the list, Google Docs and Google Docs remains very popular with

malware distributors and fishing sites to redirect users then to the ultimate malicious documents.

Google had talked about this before,

appears to have a hard time countering some of this abuse of its services.

But there was also a new entry here that I haven't seen yet,

and that was a link to a Slack. Now as Jan investigated this particular link, it was no longer available, but looks like they essentially

...