FakeBat Malware Distributing via Fake Browser Updates

May 1, 2024, 11:08 p.m.

Description

This report details a recent malware campaign leveraging fake browser update notifications to distribute the FakeBat loader. The campaign employs sophisticated social engineering techniques, with malicious JavaScript code injected into compromised websites to trigger deceptive update prompts. These prompts mimic legitimate browser updates and are personalized to match the user's browser type and language settings, ultimately serving a malicious MSIX payload signed with a previously used Consoneai Ltd signature. The report outlines the multi-stage infection chain, the server-side logic controlling exposure of the malicious page, and the use of Pastebin links to host anti-analysis techniques.

Date

Published: April 29, 2024, 6:18 p.m.

Created: April 29, 2024, 6:18 p.m.

Modified: May 1, 2024, 11:08 p.m.

Indicators

https://www.bridewell.com/insights/blogs/detail/clearfake-campaign

http://doggygangers.com/YfMv2QsjpCQl845BWSYNfNOQitweyze_Z6lIlrRr43MRjX_HrM/stats/get_stats.php

http://doggygangers.com/YfMv2QsjpCQl845BWSYNfNOQitweyze_Z6lIlrRr43MRjX_HrM/land/universal_land/

http://doggygangers.com/YfMv2QsjpCQl845BWSYNfNOQitweyze_Z6lIlrRr43MRjX_HrM/downloadsdownloadfile/dwnl_standart.php

Attack Patterns

FakeBat

T1037

T1059.005

T1055.002

T1497.001

T1059.007

T1497

T1055

T1059