home.social

#fakebat — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #fakebat, aggregated by home.social.

  1. 🔍 The Sekoia TDR team delved into the drive-by download technique used for malware distribution via web browsing.

    Our latest report analyses #FakeBat, a widespread loader using this technique.

    blog.sekoia.io/exposing-fakeba

  2. Malicious Google ad for Todoist -> #Fakebat

    todciist[.]com

    hxxps[://]ultra-fasteners[.]com/data/Todoist-x86[.]msix

    C2: cdn-inform[.]com

    #malvertising #threatintel

  3. ⚠️ Malicious Google ad for
    inkscape leads to #FakeBat

    ➡️ Impostor site: inkckape[.]org
    ➡️ Payload:
    hxxps[://]planbooknfly[.]com/data/Inkscape-x86[.]msix
    dc471b087413ea64f7693b27e38ac568dea00ec1c7f699e48a6ef96b9cb4e30e
    ➡️ C2: utm-adschuk[.]com

    #malvertising #threatintel

  4. #SocGholish (AKA FakeUpdates) landing page localized in French, Spanish and German.

    Payload is #FakeBat.

    This campaign is also known as 'doggygangers' based on network traffic.

    #threatintel

  5. Google ad for VLC media player leads to #malvertising and drops #FakeBat

    Fake site: vlc-media-player[.]com
    Payload: fabulousfontshop[.]com/vlc-3[.]0[.]20-win64[.]msix
    C2: utm_adsname[.]com

    #threatintel

  6. #FakeBat via malicious Google ad for OneNote

    Redirect: disenoymas[.]com[.]ar
    Decoy site: onenote-download[.]com
    Payload URL: church-notes[.]com/Onenote_setup[.]msix
    Payload: 6481d5f0af192db843af4aacd46527a24f9c34c49037b3038951fa7fca3c7aa4

    #malvertising #threatintel

  7. After dropping #PikaBot for a few days, the threat actor behind one of the #malvertising campaigns switched back to #FakeBat.

    The PowerShell script looks different, and there may be some new evasion tricks.

    C2: ads-analyze[.]xyz

    Sample: virustotal.com/gui/file/9c5793

    #threatintel