FakeBat Malware Distributing via Fake Browser Updates
May 1, 2024, 11:08 p.m.
Description
This report details a recent malware campaign leveraging fake browser update notifications to distribute the FakeBat loader. The campaign employs sophisticated social engineering techniques, with malicious JavaScript code injected into compromised websites to trigger deceptive update prompts. These prompts mimic legitimate browser updates, personalized to match the user's browser type and language settings, ultimately serving a malicious MSIX payload signed with a previously used Consoneai Ltd signature. The report outlines the multi-stage infection chain, server-side logic controlling malicious page exposure, and the use of Pastebin links hosting anti-analysis techniques.
Date
- Created: April 29, 2024, 6:18 p.m.
- Published: April 29, 2024, 6:18 p.m.
- Modified: May 1, 2024, 11:08 p.m.
Indicators
- https://www.bridewell.com/insights/blogs/detail/clearfake-campaign
- http://doggygangers.com/YfMv2QsjpCQl845BWSYNfNOQitweyze_Z6lIlrRr43MRjX_HrM/stats/get_stats.php
- http://doggygangers.com/YfMv2QsjpCQl845BWSYNfNOQitweyze_Z6lIlrRr43MRjX_HrM/land/universal_land/
- http://doggygangers.com/YfMv2QsjpCQl845BWSYNfNOQitweyze_Z6lIlrRr43MRjX_HrM/downloadsdownloadfile/dwnl_standart.php
- seacraftsgallery.com
- doggygangers.com