FakeBat Malware Distributing via Fake Browser Updates
May 1, 2024, 11:08 p.m.
Description
This report details a recent malware campaign leveraging fake browser update notifications to distribute the FakeBat loader. The campaign employs sophisticated social engineering techniques, with malicious JavaScript code injected into compromised websites to trigger deceptive update prompts. These prompts mimic legitimate browser updates, personalized to match the user's browser type and language settings, ultimately serving a malicious MSIX payload signed with a previously used Consoneai Ltd signature. The report outlines the multi-stage infection chain, server-side logic controlling malicious page exposure, and the use of Pastebin links hosting anti-analysis techniques.
Date
Published: April 29, 2024, 6:18 p.m.
Created: April 29, 2024, 6:18 p.m.
Modified: May 1, 2024, 11:08 p.m.
Indicators
https://www.bridewell.com/insights/blogs/detail/clearfake-campaign
http://doggygangers.com/YfMv2QsjpCQl845BWSYNfNOQitweyze_Z6lIlrRr43MRjX_HrM/stats/get_stats.php
http://doggygangers.com/YfMv2QsjpCQl845BWSYNfNOQitweyze_Z6lIlrRr43MRjX_HrM/land/universal_land/
http://doggygangers.com/YfMv2QsjpCQl845BWSYNfNOQitweyze_Z6lIlrRr43MRjX_HrM/downloadsdownloadfile/dwnl_standart.php
seacraftsgallery.com
doggygangers.com
Attack Patterns
FakeBat
T1037
T1059.005
T1055.002
T1497.001
T1059.007
T1497
T1055
T1059