Hackers are targeting and weaponizing AnyDesk, Zoom, Teams, and Chrome because their widespread use across multiple sectors offers a path to sensitive information.
Cybersecurity researchers at Sekoia have identified FakeBat malware actively exploiting these widely used applications.
FakeBat Malware
In 2024, FakeBat loader malware poses a significant threat with its drive-by-download propagation methods and capabilities sold as Loader-as-a-Service on dark web platforms.
It disguises itself through malvertising and social engineering, deploying payloads like botnets and infostealers, and has evolved with MSIX format builds and digital signatures to evade detection.
The pricing for FakeBat varies from $1,000 to $5,000 per week or month, depending on the package chosen. Sekoia noted that FakeBat deliberately limits its customer base to control distribution and minimize detection risks.
FakeBat’s distribution strategy has evolved into a sophisticated operation, employing tactics like malvertising, software impersonation, and social engineering across social networks.
Other distribution methods include compromising websites, offering fake browser updates, and conducting targeted campaigns like the “getmess.io” web3 chat app scam.
FakeBat’s infrastructure includes numerous C2 servers with dynamic communication patterns and sophisticated obfuscation techniques. Operators employ specific domain naming conventions and host servers on selected ASNs. They’ve introduced traffic filtering based on user attributes and recently improved evasion tactics by anonymizing domain registrations. This adaptability helps them evade detection and expand their operations effectively.
Researchers observed that FakeBat malvertising campaigns targeted the following software:
- 1Password
- Advanced SystemCare
- AnyDesk
- Bandicam
- Blender
- Braavos
- Cisco Webex
- Epic Games
- Google Chrome
- Inkscape
- Microsoft OneNote
- Microsoft Teams
- Notion
- OBS Studio
- OpenProject
- Play WGT Golf
- Python
- Shapr3D
- Todoist
- Trading View
- Trello
- VMware
- Webull
- WinRAR
- Zoom
Hackers now prefer using fake software landing pages to distribute malware, often through meticulously tracked campaigns. Entities like FIN7 and Nitrogen are among those doing so, circulating various malicious code. FakeBat, a widely spread loader sold as Malware-as-a-Service, adapts continuously to evade detection.