Popular project management tool used in phishing attacks

News
By published

Basecamp is being used for malware and phishing campaigns

(Image credit: wk1003mike / Shutterstock)

Basecamp, a popular project management tool, is being used by cyberattackers in a variety of ways, according to new security research. As well as being used to distribute the BazarLoader malware, it is also being employed as part of a number of phishing campaigns.

Threat actors are using public Basecamp links to host BazarLoader executables disguised as genuine Basecamp links. Once installed, BazarLoader allows other cyberattackers to infiltrate a network with the ultimate goal of unleashing the Ryuk ransomware.

The BazarLoader trojan, sometimes spelt BazaLoader, has hit the headlines this year as part of several notable malware campaigns. It has previously been linked to a phishing campaign that sought to trick victims with false claims about US President Donal Trump’s health.

Go phish

The trustworthy reputation that Basecamp enjoys is also being used as part of a phishing campaign. Cybersecurity firm Cyjax has discovered that attackers are using Basecamp to host webpages that redirect unsuspecting online users to phishing landing pages. Many security solutions will view the webpages as being safe if Basecamp is used as an intermediary.

“This technique is effective because Basecamp and Google Cloud hosting are often used for business operations and are regarded as safe by default by most detection systems,” security researcher William Thomas explained. “Cloud platforms also preserve the anonymity of their users and can be set up in no time at all. They are difficult for human SOC analysts to recognize as a threat because the traffic to and from these services appears legitimate.”

More importantly, Basecamp pages can easily be edited, allowing threat actors to shift tactics when security solutions do eventually catch up with them. By altering a Basecamp intermediary page and redirecting victims to a different phishing landing site, cybercriminals can keep modifying a campaign to avoid detection.

Via Bleeping Computer

Barclay Ballard
Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things. 

Latest in Security
An American flag flying outside the US Capitol building against a blue sky
The FCC is creating a security council to bolster US defenses against cyberattacks
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Ransomware
Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Meta warns of worrying security flaw hitting open source type software
Hand holding smartphone and scan fingerprint biometric identity for unlock her mobile phone
Biometrics add another layer of security to passwordless authentication
Data leak
Hacked Tata Technologies data leaked by ransomware gang
Latest in News
Google Gemini Flash 2.0 Images
I tried Gemini's new AI image generation tool - here are 5 ways to get the best art from Google's Flash 2.0
An image of the Samsung Galaxy S25 Ultra from a hands-on event
Samsung Galaxy S26 Ultra could resurrect an intriguing camera feature
Eurocom Raptor X18
At $15,000, this massive 256GB RAM laptop makes Apple's MacBook Pro look affordable, tiny and very, very slow
Cristin Milioti in Black Mirror season 7
Netflix launches trailer for Black Mirror season 7, giving us a look at its first-ever sequel episode and an unexpected returning character
A graphic of the PC Gaming Show
Get ready for a bounty of PC games on June 8, as the PC Gaming show is back
A close up of The Daily podcast from Pocket Casts' web page
‘Podcasting shouldn’t be locked behind walled gardens’: Pocket Casts slams Spotify and makes its web player free to all
More about security
An American flag flying outside the US Capitol building against a blue sky

The FCC is creating a security council to bolster US defenses against cyberattacks
Ransomware

Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
Google Gemini Flash 2.0 Images

I tried Gemini's new AI image generation tool - here are 5 ways to get the best art from Google's Flash 2.0
See more latest
Most Popular
Google Gemini Flash 2.0 Images
I tried Gemini's new AI image generation tool - here are 5 ways to get the best art from Google's Flash 2.0
Eurocom Raptor X18
At $15,000, this massive 256GB RAM laptop makes Apple's MacBook Pro look affordable, tiny and very, very slow
Dell Pro 75 Plus monitor pictured against a white background.
Dell just launched a $4,000 75-inch 4K touchscreen display - but I've found one rival that's 50% cheaper
An image of the Samsung Galaxy S25 Ultra from a hands-on event
Samsung Galaxy S26 Ultra could resurrect an intriguing camera feature
Quordle on a smartphone held in a hand
Quordle hints and answers for Friday, March 14 (game #1145)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Friday, March 14 (game #642)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Friday, March 14 (game #376)
Verizon logo on a building with blue sky above
Millions of Americans are missing out on cheap unlimited cloud storage - how to check if you are one of them
Cristin Milioti in Black Mirror season 7
Netflix launches trailer for Black Mirror season 7, giving us a look at its first-ever sequel episode and an unexpected returning character
The Toyota FT-Me Concept sitting in a car park
Toyota's self-charging concept EV could help you tackle the daily commute on solar power alone