Cybercriminals have been distributing a new strain of malware, dubbed FakeBat, by exploiting the trust in MSIX installer files.
The campaign is concerning because the installers masquerade as legitimate software applications, including popular productivity tools like Notion, Trello, Braavos, and OneNote.
The Lure of Legitimacy
The attackers have cleverly designed their campaign to impersonate well-known software brands, thereby increasing the likelihood of users downloading and executing the malicious installers.
Camouflaged Links and Obfuscated Scripts
To further evade detection, the malvertisements have utilized URL shorteners, a common tactic for hiding the true destination of the links and making them appear less suspicious to potential victims.
Once clicked, these links lead to downloading MSIX files containing obfuscated PowerShell scripts.
These scripts are designed to be complex and challenging to analyze, allowing the malware to bypass basic security measures and initiate the infection process.
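A triage sketch for the packages described above (an added example, not code from the article or any vendor it cites): an MSIX file is a ZIP container, so its manifest publisher and any bundled scripts can be listed without installing it. The lookup of `startScript`/`endScript` in a Package Support Framework `config.json` is an assumption about how a bundled script gets launched, which the article does not state; the sample package and its names are constructed and harmless.

```python
import io
import json
import xml.etree.ElementTree as ET
import zipfile

SCRIPT_EXT = (".ps1", ".psm1", ".bat", ".cmd", ".vbs")

def triage_msix(package):
    """List the publisher, bundled scripts and auto-launched scripts of an MSIX."""
    report = {"publisher": None, "scripts": [], "launched_scripts": []}
    with zipfile.ZipFile(package) as z:
        for name in z.namelist():
            low = name.lower()
            if low.endswith(SCRIPT_EXT):
                report["scripts"].append(name)
            elif low == "appxmanifest.xml":
                # Compare this publisher with the vendor the download claims to be
                for el in ET.fromstring(z.read(name)).iter():
                    if el.tag.rsplit("}", 1)[-1] == "Identity":
                        report["publisher"] = el.get("Publisher")
            elif low.endswith("config.json"):
                # Assumption: Package Support Framework config naming start/end scripts
                try:
                    cfg = json.loads(z.read(name).decode("utf-8-sig"))
                except ValueError:
                    continue
                apps = cfg.get("applications", []) if isinstance(cfg, dict) else []
                for app in apps:
                    for key in ("startScript", "endScript"):
                        entry = app.get(key) if isinstance(app, dict) else None
                        if isinstance(entry, dict) and entry.get("scriptPath"):
                            report["launched_scripts"].append(entry["scriptPath"])
    return report

def build_sample():
    """Constructed stand-in for a downloaded package (unsigned, benign content)."""
    manifest = ('<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10">'
                '<Identity Name="Example.App" Publisher="CN=Constructed Publisher" Version="1.0.0.0"/>'
                '</Package>')
    config = {"applications": [{"id": "App", "executable": "VFS/app.exe",
                                "startScript": {"scriptPath": "setup.ps1"}}]}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AppxManifest.xml", manifest)
        z.writestr("config.json", json.dumps(config))
        z.writestr("setup.ps1", "Write-Output 'placeholder'\n")
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    print(triage_msix(build_sample()))
```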
A recently published article by Broadcom has highlighted the spread of a new malware strain called FakeBat.
This malware is being distributed through malvertising campaigns and is particularly concerning because it can evade detection by most traditional antivirus software.
According to a recent tweet by CyberXTron Technologies, cybercriminals are using MSIX installer files to distribute a new malware variant called FakeBat.
Staying Safe Online
To protect yourself from such threats, it is crucial to maintain a robust security posture:
- Always download software from official sources or directly from the vendor’s website.
- Be wary of advertisements offering free downloads of paid software.
- Keep your antivirus software current to benefit from the latest protection mechanisms.
- Educate yourself and others about the latest tactics used by cybercriminals.