Hackers Distribute FakeBat Loader Via Fake Software Installers

Researchers warn users of a new malicious campaign distributing the FakeBat loader. The threat actors behind this campaign lure users into downloading the malware by impersonating various legitimate software products. Users must always ensure that they download all required software, tools, and apps from official sources only.

New Campaign Spreads FakeBat Loader By Impersonating Legit Software Installers

Security researchers from Mandiant have detected a new malware campaign distributing FakeBat Loader. This malware, also known as NUMOZYLOD, EugenLoader, and PaykLoader, actively targets users via malvertising campaigns.

As noted above, the threat actors behind this campaign lure users into downloading the malware by mimicking legitimate apps such as Brave, Zoom, Notion, KeePass, and Steam. They distribute trojanized MSIX installers via phishing sites that imitate legitimate software websites.

Once downloaded, the trojanized installer also installs the user's intended app, thereby evading detection. In the background, however, the malware performs various malicious functions: it establishes persistent access on the target device, gains elevated privileges, and gathers and steals system details such as OS information, installed antivirus programs, and IP addresses (in some variants).

Notably, FakeBat operates under a malware-as-a-service model, enabling various threat actor groups to distribute malware via this loader. After successfully infecting a device, FakeBat downloads and executes the secondary payload. Depending on the variant, the researchers found the FakeBat loader distributing Carbanak and LummaStealer malware.

Achieving persistence completes FakeBat's mission, and the attackers then hand over access to the infected device to the respective malware group for further action.

The researchers have shared the technical details about this malicious campaign in their blog post.

Avoid Possible Malware Threats By Downloading From Official Sources Only

The core factor behind the success of this FakeBat campaign is users' naivety when downloading software. Often, users don't pay much attention to a website's legitimacy before downloading a tool. Moreover, the subtle differences between the layouts of the original and the phishing sites are often difficult for users to detect.

Therefore, the key to avoiding this and other similar threats is to download software or apps only from official, legitimate sources instead of going for free or pirated software copies.
