
Stolen Images Evidence Campaign Continues Pushing BazarLoader Malware

September 14, 2021

Downloaded zip archives

The downloaded zip archives are always named Stolen Images Evidence.zip. They contain a JavaScript file named Stolen Images Evidence.js.

BazarLoader from the JS file

If a victim double-clicks the extracted JavaScript file on a vulnerable Windows host, it retrieves and runs a DLL for BazarLoader malware. The DLL is saved to the infected user's AppData\Local\Temp directory with a .dat file extension.
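A triage check for the artifacts described above, as an added example that is not part of the original report: it matches the archive and script names given here and flags .dat files in a temp directory whose headers parse as a PE DLL. The function names, the IMAGE_FILE_DLL header heuristic, and the sample bytes are assumptions made for this example.

```python
import io, struct, zipfile
from pathlib import Path

ZIP_NAME = "stolen images evidence.zip"   # archive name from the report
JS_NAME = "stolen images evidence.js"     # script name from the report
IMAGE_FILE_DLL = 0x2000                   # COFF Characteristics flag for a DLL

def zip_matches_lure(data: bytes, filename: str) -> bool:
    """True if the archive name and a contained entry match the reported lure."""
    if Path(filename).name.lower() != ZIP_NAME:
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(Path(n).name.lower() == JS_NAME for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def is_pe_dll(data: bytes) -> bool:
    """Parse DOS and COFF headers; True only for a PE image marked as a DLL."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    # Characteristics is the last 2 bytes of the 20-byte COFF header.
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return bool(characteristics & IMAGE_FILE_DLL)

def find_dat_dlls(temp_dir) -> list:
    """Names of *.dat files in temp_dir whose content is really a PE DLL."""
    hits = []
    for p in sorted(Path(temp_dir).iterdir()):
        if not p.is_file() or p.suffix.lower() != ".dat":
            continue
        try:
            with open(p, "rb") as fh:
                head = fh.read(4096)  # headers only; avoids loading large files
        except OSError:
            continue  # locked or unreadable file: skip, do not abort the sweep
        if is_pe_dll(head):
            hits.append(p.name)
    return hits

def sample_pe(characteristics: int) -> bytes:
    """Constructed header-only PE stub for testing (not a real binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, characteristics)
    return dos + b"PE\0\0" + coff
```

On a Windows host, `find_dat_dlls` would be pointed at the user's AppData\Local\Temp directory; legitimate software also leaves .dat files there, so a hit is a lead to examine rather than a verdict.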