July 3, 2024 at 03:16AM
FakeBat, a widely distributed loader malware, mainly aims to download and execute next-stage payload, using methods like SEO poisoning. Offered as a service on underground forums, it’s designed to bypass security mechanisms. Different activity clusters disseminate FakeBat and it’s being used in various malware campaigns. The malware is sold under different pricing models.
The meeting notes from Jul 03, 2024, discuss the emerging threat of the loader-as-a-service (LaaS) known as FakeBat. The malware is widely distributed using the drive-by download technique and aims to download and execute various payloads such as IcedID, Lumma, RedLine, SmokeLoader, SectopRAT, and Ursnif. The use of malware loaders has increased in recent years, often impersonating legitimate software websites to entice users into downloading bogus software installers or browser updates.
FakeBat, also known as EugenLoader and PaykLoader, is offered under a LaaS subscription model on underground forums by a Russian-speaking threat actor named Eugenfest (aka Payk_34). It is designed to bypass security mechanisms and provides customers with options to generate builds using templates to trojanize legitimate software.
The malware is available for purchase and there are different activity clusters disseminating FakeBat through impersonating popular software via malicious Google ads, fake web browser updates, and social engineering schemes. This includes campaigns likely related to the FIN7 group, Nitrogen, and BATLOADER. The malware’s command-and-control servers filter traffic based on characteristics such as User-Agent value, IP address, and location, enabling the distribution of the malware to specific targets.
Additionally, the notes mention other loader malware campaigns such as DBatLoader, Hijack Loader, and Remcos RAT, as well as the use of phishing campaigns to distribute various malware strains and loaders.
Overall, the meeting notes highlight the evolving landscape of loader malware distribution and the increasing sophistication of techniques used by threat actors to propagate malware.
Let me know if you need further information or have any specific queries!