{"id":44088,"date":"2021-11-23T00:00:00","date_gmt":"2021-11-23T00:00:00","guid":{"rendered":"urn:uuid:b3de07b3-b8a7-ab0e-2f70-29d49ee98dd0"},"modified":"2021-11-23T00:00:00","modified_gmt":"2021-11-23T00:00:00","slug":"bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\/","title":{"rendered":"BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/bazarloader-adds-compromised-installers-iso-to-arrival-delivery-vectors\/cover-bazarloader-adds-compromised-installers-iso-arrival-and-delivery-vectors.jpg\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/bazarloader-adds-compromised-installers-iso-to-arrival-delivery-vectors\/cover-bazarloader-adds-compromised-installers-iso-arrival-and-delivery-vectors.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p><span class=\"body-subhead-title\">Conclusion<\/span><\/p>\n<p>The number of arrival mechanism variations used in BazarLoader campaigns continue to increase as threat actors diversify their attack patterns to evade detection. However, both techniques are noteworthy and still work despite their lack of novelty due to singular detection technologies\u2019 limitations. For instance, while the use of compromised installers has been observed with other malware, the large file size can still challenge detection solutions \u2014 such as sandboxes \u2014 which may implement file size limits. On the other hand, LNK files serving as shortcuts will also likely be obfuscated for the additional layers created between the shortcut and the malicious files itself.<\/p>\n<p>In addition, the deployment of BazarLoader malware for initial access is a known technique for modern ransomware such as Conti and Ryuk as service affiliates. Aside from these known ransomware families including more tools for entry into their arsenal, other malware groups and ransomware operators may pick up on the additional means, if they have not already done so.<\/p>\n<p><span class=\"body-subhead-title\">Best practices<\/span><\/p>\n<p>BazarLoader is an example of a versatile malware delivery mechanism that will likely find more ways to adapt to deceive more users. For details on all the other measures that BazarLoader uses to get into systems, read our technical brief <a href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/bazarloader-adds-compromised-installers-iso-to-arrival-delivery-vectors\/tb-bazarloader-looking-in-analyzing-the-infection-chains-stages-and-campaigns.pdf\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n<p>Here are some best practices to defend against this threat:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Enable security solutions that allow for visibility in tracking processes of files, allowing security teams to detect malicious outgoing and incoming network communication and traffic.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Download installers and updates only from their respective official websites and platforms.<\/span><\/li>\n<\/ul>\n<p><span class=\"body-subhead-title\">Trend Micro solutions<\/span><\/p>\n<p>BazarLoader will continue to evolve as an information stealer malware on its own, an initial access malware-as-a-service (MaaS) for other malware operators, and as an enabler for secondary payload delivery for even more disruptive attacks like modern ransomware. Security teams must make monitoring and tracking for known threats more visible based on known data and use multilayered solutions capable of pattern recognition and behavior monitoring for unknown threats.<\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/detection-response.html\">Trend Micro Vision One\u2122<\/a>&nbsp; helps detect and block suspicious activity, even those that might seem insignificant when monitored from only a single layer, through multilayered protection and behavior detection. It helps spot and block BazarLoader and its other components wherever it might be on the system. <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/user-protection\/sps\/endpoint.html\">Trend Micro Apex One\u2122<\/a> employs behavior analysis to protect systems against malicious scripts, injection, ransomware, and memory and browser attacks related to fileless threats from initial access, execution, and C&amp;C communication. <a href=\"https:\/\/www.trendmicro.com\/en_us\/small-business\/worry-free.html\">Trend Micro&nbsp;Worry-Free\u2122 Business Security<\/a> can protect users and businesses from BazarLoader by detecting malicious files and spammed messages, JavaScript droppers, and DLL loaders, as well as URLs associated with the threat.<\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/user-protection\/sps\/email-and-collaboration\/email-security.html\">Trend Micro Email Security<\/a>&nbsp;delivers continuously updated protection to stop spam, malware, spear phishing, ransomware, and advanced targeted attacks before they reach the network. It protects Microsoft Exchange,&nbsp;<a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/user-protection\/sps\/email-and-collaboration\/cloud-app-security.html\">Microsoft Office 365<\/a>, Google Apps, and other hosted and on-premises email solutions. <a href=\"https:\/\/www.trendmicro.com\/us\/enterprise\/security-risk-management\/deep-discovery\/\">Trend Micro<\/a>\u2122&nbsp;<a href=\"https:\/\/www.trendmicro.com\/us\/enterprise\/security-risk-management\/deep-discovery\/\">Deep Discovery<\/a>\u2122 provides detection, in-depth analysis, and proactive response to ransomware attacks through specialized engines, custom&nbsp;<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/deploying-a-smart-sandbox-for-unknown-threats-and-zero-day-attacks\/\">sandboxing<\/a>, and seamless correlation across the entire attack life cycle such as tool ingress, exploits, C&amp;C activities, and lateral movements. <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/user-protection\/sps\/email-and-collaboration\/email-inspector.html\">Trend Micro\u2122 Deep Discovery\u2122 Email Inspector<\/a>&nbsp;and <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/user-protection\/sps.html\">InterScan\u2122 Web Security<\/a> perform custom sandboxing and advanced analysis techniques to prevent malware from ever reaching end users, especially potentially vulnerable users working remotely. These effectively deter potential ransomware attacks that are delivered through malicious emails.<\/p>\n<p>Cloud-specific security solutions such as&nbsp;<a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/hybrid-cloud.html\">Trend Micro\u2122 Hybrid Cloud Security<\/a>&nbsp;can help protect cloud-native systems and their various layers.&nbsp;<a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/hybrid-cloud\/cloud-migration-security.html\">Trend Micro Cloud One\u2122<\/a>&nbsp;protects cloud-native systems by securing continuous-integration and continuous-delivery (CI\/CD) pipelines and applications.&nbsp;It also helps identify and resolve security issues sooner and improves delivery time for DevOps teams.&nbsp;<\/p>\n<p><span class=\"body-subhead-title\">Indicators of Compromise (IOCs)<\/span><\/p>\n<p>Visit <a href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/bazarloader-adds-compromised-installers-iso-to-arrival-delivery-vectors\/IOCs-bazarloader-adds-compromised-installers-ISO-arrival-and-delivery-vectors.txt\" target=\"_blank\" rel=\"noopener\">this page<\/a> to view the full list of IOCs.<\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/k\/bazarloader-adds-compromised-installers-iso-to-arrival-delivery-vectors.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We observed BazarLoader adding two new arrival mechanisms to their current roster of malware delivery techniques. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":44089,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9521,9511,9508,9513,9539,9585],"class_list":["post-44088","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cyber-crime","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-endpoints","tag-trend-micro-research-malware","tag-trend-micro-research-ransomware","tag-trend-micro-research-spam"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-23T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/bazarloader-adds-compromised-installers-iso-to-arrival-delivery-vectors\/cover-bazarloader-adds-compromised-installers-iso-arrival-and-delivery-vectors.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors\",\"datePublished\":\"2021-11-23T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\\\/\"},\"wordCount\":647,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors.jpg\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Cyber Crime\",\"Trend Micro Research : Cyber Threats\",\"Trend Micro Research : Endpoints\",\"Trend Micro Research : Malware\",\"Trend Micro Research : Ransomware\",\"Trend Micro Research : Spam\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\\\/\",\"name\":\"BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors.jpg\",\"datePublished\":\"2021-11-23T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors.jpg\",\"width\":641,\"height\":350},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\/","og_locale":"en_US","og_type":"article","og_title":"BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-11-23T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/bazarloader-adds-compromised-installers-iso-to-arrival-delivery-vectors\/cover-bazarloader-adds-compromised-installers-iso-arrival-and-delivery-vectors.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors","datePublished":"2021-11-23T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\/"},"wordCount":647,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors.jpg","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cyber Crime","Trend Micro Research : Cyber Threats","Trend Micro Research : Endpoints","Trend Micro Research : Malware","Trend Micro Research : Ransomware","Trend Micro Research : Spam"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\/","url":"https:\/\/www.threatshub.org\/blog\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\/","name":"BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors.jpg","datePublished":"2021-11-23T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors.jpg","width":641,"height":350},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/bazarloader-adds-compromised-installers-iso-to-arrival-and-delivery-vectors\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44088","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=44088"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44088\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/44089"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=44088"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=44088"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=44088"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}