Hackers Distribute FakeBat Loader Via Fake Software Installers

Researchers caution users about a new malicious campaign spreading the FakeBat loader. The threat actors behind this campaign trick users into downloading the malware by pretending to be various legitimate software. It is crucial for users to always download necessary software, tools, and apps from official sources only.

New Campaign Distributing FakeBat Loader Through Impersonation of Legitimate Software Installers

Cybersecurity experts at Mandiant have identified a fresh malware campaign distributing the FakeBat Loader. This malware, also known as NUMOZYLOD, EugenLoader, and PaykLoader, targets users through malvertising campaigns.

The threat actors in this campaign entice users to download the malware by imitating legitimate apps like Brave, Zoom, Notion, KeePass, and Steam. They distribute trojanized MSIX installers via fake websites that mimic legitimate software platforms.

Once downloaded, the trojanized installer installs the user’s desired app while executing malicious activities in the background to establish persistent access on the target device, acquire elevated privileges, and collect system information such as OS details, installed antivirus programs, and IP addresses (in some variants).

FakeBat operates on a malware-as-a-service model, enabling different threat actor groups to distribute malware using this loader. After infecting a device successfully, FakeBat downloads and runs the secondary payload, with variants distributing Carbanak and LummaStealer malware.

Attaining persistence marks the completion of FakeBat’s objective, as the attackers transfer control of the infected device to the respective malware group for further actions.

The researchers have shared detailed technical information about this malicious campaign on their blog.

Prevent Potential Malware Risks by Downloading Only from Official Sources

The primary reason behind the success of the FakeBat campaign lies in users’ lack of caution when downloading software. Users often overlook the legitimacy of websites before downloading tools, and the subtle differences between authentic and phishing sites can be challenging to detect.

Hence, the best way to protect against such threats is to download software and apps exclusively from official, reputable sources rather than opting for free or pirated versions.

Share your thoughts in the comments section.