- Sekoia Threat Detection & Research (TDR) conducted research on FakeBat—a malicious software loader and dropper—and found it to be one of the biggest cyberthreats of the first half of 2024.
- It targets victims by either imitating a legitimate website, compromising a website, or through social engineering schemes on social networks.
- The worst part is that this malware is being distributed as a loader-as-a-service (LaaS) subscription model, meaning more cybercriminals, including the entry-level ones, are gaining access to it.
FakeBat, which is also known as PaykLoader and EugenLoader, has emerged to be one of the most dangerous cyberthreats in the first half of 2024.
The campaign involves drive-by downloads, which is a technique that involves malvertising, SEO poisoning, and inserting malicious code into websites that have been compromised. Users are then tricked into downloading the malware in the disguise of a fake update or app.
Read more: Biggest cyberattacks of 2023 and what caused them
About FakeBat and Its Growing Terror
Sekoia Threat Detection & Research (TDR) conducted research and found that throughout 2024, there have been multiple FakeBat distribution campaigns. This cyberthreat’s latest victims include AnyDesk and Google Chrome.
It tricks users via three methods:
- By imitating a real website,
- By compromising an actual legit website, or
- Through social engineering schemes on social networks
Then, it downloads the next-stage payload, such as Lumma, IcedID, SmokeLoader, RedLine, SectopRAT, and Ursni.
During research, Sekoia also found that certain domains linked to FakeBat’s command-and-control (C2) servers, including 756-ads-info[.]site, 3010cars[.]top and 0212top[.]online, are often registered under concealed or misleading details regarding ownership.
These domains are the main drivers behind malware distribution. Moreover, these distribution strategies are so diverse that FakeBat has managed to evade detection for a really long time.
Unfortunately, using the loader is quite simple, too. It has templates that can be used by hackers to generate builds, which would help them compromise legit websites as well as monitor their installations through an administration panel.
The service is available at $1,000 per week (or $2,500 per month) for the MSI format (MSI is its previous version) and $1,500 per week (or $4,000 per month) for the MSIX format (the newest version). Furthermore, a combination of MSI and the signature package is available at $1,800 per week (or $5,000 per month).
Our Editorial Process
Our Editorial Process
Share 
Krishi Chowdhary Journalist 
Question & Answers (0)