Introducing Cymulate Vero AI for Agentic Cyber Defense Engineering
Learn More
New: 2026 Gartner® Market Guide for Adversarial Exposure Validation
Learn More
New Research: Exploiting Configuration Trust in AI Coding Tools
Learn More
New Case Study: How a Financial Authority Validates Cyber Resilience
Learn More
Book a Demo
Book a Demo

Stolen Images Evidence Campaign Continues Pushing BazarLoader Malware

September 14, 2021

Downloaded zip archives The downloaded zip archives are always named Stolen Images Evidence.zip. They contain a JavaScript file named Stolen Images Evidence.js. BazarLoader from the JS file. If a victim double-clicks the extracted JavaScript file on a vulnerable Windows host, it retrieves and runs a DLL for BazarLoader malware. The DLL is saved to the infected user's AppDataLocalTemp directory with a .dat file extension.

Featured Resources

View More Resources
image
CUSTOMERS

Financial Regulatory Authority Strengthens Security and Gains Continuous Visibility with Cymulate

Limited Visibility and Reliance on Point-in-Time Testing With a lean team of five responsible for securing a complex internal environment,

Read Case Study
image
blog

CVE-2026-35603: One Writable Folder, Every User Compromised: Exploiting Configuration Trust in AI Coding Tools

Ilan Kalendarov, Security Research Team LeadBen Zamir, Security ResearcherElad Beber, Security Researcher The AI coding tools that millions of developers launch every

Read More
image
Demo

Auto Mitigation Demo

Cymulate Auto Mitigation closes the risk-to-fix gap by automatically deploying targeted control updates when exposures are discovered. It then re-validates

Learn More