Popular project management tool used in phishing attacks

News
By
published

Basecamp is being used for malware and phishing campaigns

(Image credit: wk1003mike / Shutterstock)

Basecamp, a popular project management tool, is being used by cyberattackers in a variety of ways, according to new security research. As well as being used to distribute the BazarLoader malware, it is also being employed as part of a number of phishing campaigns.

Threat actors are using public Basecamp links to host BazarLoader executables disguised as genuine Basecamp links. Once installed, BazarLoader allows other cyberattackers to infiltrate a network with the ultimate goal of unleashing the Ryuk ransomware.

The BazarLoader trojan, sometimes spelt BazaLoader, has hit the headlines this year as part of several notable malware campaigns. It has previously been linked to a phishing campaign that sought to trick victims with false claims about US President Donal Trump’s health.

Go phish

The trustworthy reputation that Basecamp enjoys is also being used as part of a phishing campaign. Cybersecurity firm Cyjax has discovered that attackers are using Basecamp to host webpages that redirect unsuspecting online users to phishing landing pages. Many security solutions will view the webpages as being safe if Basecamp is used as an intermediary.

“This technique is effective because Basecamp and Google Cloud hosting are often used for business operations and are regarded as safe by default by most detection systems,” security researcher William Thomas explained. “Cloud platforms also preserve the anonymity of their users and can be set up in no time at all. They are difficult for human SOC analysts to recognize as a threat because the traffic to and from these services appears legitimate.”

More importantly, Basecamp pages can easily be edited, allowing threat actors to shift tactics when security solutions do eventually catch up with them. By altering a Basecamp intermediary page and redirecting victims to a different phishing landing site, cybercriminals can keep modifying a campaign to avoid detection.

Via Bleeping Computer

Barclay Ballard
Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things. 

Latest in Security
healthcare
Software bug meant NHS information was potentially “vulnerable to hackers”
A hacker wearing a hoodie sitting at a computer, his face hidden.
Experts warn this critical PHP vulnerability could be set to become a global problem
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps
Agentic AI has “profound” issues with security and privacy, Signal President says
botnet
Another top security camera maker is seeing devices hijacked into botnet
Bluetooth
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
Latest in News
Homepage of Manus, a new Chinese artificial intelligence agent capable of handling complex, real-world tasks, is seen on the screen of an iPhone.
Manus AI may be the new DeepSeek, but initial users report problems
Twitter social media application change logo to X. Elon Musk CEO of twitter rebranded Twitter to 'X'. Social media application technology concept.
X is down again – here's everything we know about Twitter's third massive outage today
A laptop on a desk with the Windows 11 background on its screen.
Microsoft is adding image editing and compression to its Windows Share feature - and I couldn't be happier
A screen shot from a promotional video showing the HealthBuds fitness tracking earphones from Synseer
These mysterious wireless earbuds claim to monitor your heart and hearing health simultaneously, but there’s a catch
Nvidia geforce rtx 3050
RTX 5050 rumors detail full spec of desktop graphics card, suggesting Nvidia may use slower video RAM – but I wouldn’t panic yet
OnePlus 13
OnePlus is ditching the Alert Slider for an iPhone-style customizable button - and I’ll be sad to see it go
More about security
botnet

YouTubers targeted by blackmail campaign to promote malware on their channels
A hacker wearing a hoodie sitting at a computer, his face hidden.

Experts warn this critical PHP vulnerability could be set to become a global problem
Sony WH-CH520 Wireless Bluetooth Headphones in cappuccino color on cyan radar background with price cut sign

These excellent cheap Sony headphones are now just $38 at Amazon
See more latest
Most Popular
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels
A laptop on a desk with the Windows 11 background on its screen.
Microsoft is adding image editing and compression to its Windows Share feature - and I couldn't be happier
A screen shot from a promotional video showing the HealthBuds fitness tracking earphones from Synseer
These mysterious wireless earbuds claim to monitor your heart and hearing health simultaneously, but there’s a catch
Homepage of Manus, a new Chinese artificial intelligence agent capable of handling complex, real-world tasks, is seen on the screen of an iPhone.
Manus AI may be the new DeepSeek, but initial users report problems
AdGuard VPN during TechRadar tests
AdGuard becomes the latest VPN to add post-quantum encryption
Twitter social media application change logo to X. Elon Musk CEO of twitter rebranded Twitter to 'X'. Social media application technology concept.
X is down again – here's everything we know about Twitter's third massive outage today
A hacker wearing a hoodie sitting at a computer, his face hidden.
Experts warn this critical PHP vulnerability could be set to become a global problem
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Tuesday, March 11 (game #373)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Tuesday, March 11 (game #639)
Quordle on a smartphone held in a hand
Quordle hints and answers for Tuesday, March 11 (game #1142)