FakeBat Loader Malware

04-July-24

FakeBat, which is also known as PaykLoader and EugenLoader, has emerged to be one of the most dangerous cyberthreats in the first half of 2024.The campaign involves drive-by downloads, which is a technique that involves malvertising, SEO poisoning, and inserting malicious code into websites that have been compromised. Users are then tricked into downloading the malware in the disguise of a fake update or app.Sekoia Threat Detection & Research (TDR) conducted research on FakeBat—a malicious software loader and dropper—and found it to be one of the biggest cyberthreats of the first half of 2024.It targets victims by either imitating a legitimate website, compromising a website, or through social engineering schemes on social networks.The worst part is that this malware is being distributed as a loader-as-a-service (LaaS) subscription model, meaning more cybercriminals, including the entry-level ones, are gaining access to it.


During research, Sekoia also found that certain domains linked to FakeBat’s command-and-control (C2) servers, including 756-ads-info[.]site, 3010cars[.]top and 0212top[.]online, are often registered under concealed or misleading details regarding ownership.



These domains are the main drivers behind malware distribution. Moreover, these distribution strategies are so diverse that FakeBat has managed to evade detection for a really long time.Unfortunately, using the loader is quite simple, too. It has templates that can be used by hackers to generate builds, which would help them compromise legit websites as well as monitor their installations through an administration panel.

Read More…