Hackers Deliver FakeBat Malware via MSIX Installer Files

Cybercriminals have been distributing a new strain of malware, dubbed FakeBat, by exploiting the trust users place in MSIX installer files.

The campaign is concerning because the malicious installers masquerade as legitimate software applications, including popular productivity tools like Notion, Trello, Braavos, and OneNote.


The Lure of Legitimacy

The attackers have cleverly designed their campaign to impersonate well-known software brands, thereby increasing the likelihood of users downloading and executing the malicious installers.


By leveraging the reputation of these trusted names, the cybercriminals aim to bypass the natural skepticism that users might have towards unknown sources.

Camouflaged Links and Obfuscated Scripts

To further evade detection, the malvertisements have utilized URL shorteners, a common tactic for hiding the true destination of the links and making them appear less suspicious to potential victims.

Once clicked, these links lead to downloading MSIX files containing obfuscated PowerShell scripts.

These scripts are designed to be complex and challenging to analyze, allowing the malware to bypass basic security measures and initiate the infection process.
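A triage sketch for the packages described above, added here as an illustration and not taken from the article or from any vendor's tooling: because an MSIX file is a ZIP archive, a defender can read the publisher its manifest claims and flag embedded PowerShell scripts without installing it. The marker list, function names and the sample package are assumptions constructed for this example.

```python
import base64
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.microsoft.com/appx/manifest/foundation/windows10"}
# Assumed heuristic markers of PowerShell obfuscation; tune for your environment.
MARKERS = {
    "base64_decode": re.compile(r"FromBase64String", re.I),
    "dynamic_exec": re.compile(r"Invoke-Expression|\biex\b", re.I),
    "encoded_cmd": re.compile(r"-enc(odedcommand)?\b", re.I),
    "long_b64_blob": re.compile(r"[A-Za-z0-9+/=]{200,}"),
}

def triage_msix(data):
    """Report the identity the manifest claims and flag embedded PowerShell scripts."""
    report = {"name": None, "publisher": None, "scripts": {}}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for info in pkg.infolist():
            lower = info.filename.lower()
            if lower == "appxmanifest.xml":
                # Untrusted XML: in production prefer a hardened parser (e.g. defusedxml).
                ident = ET.fromstring(pkg.read(info)).find("m:Identity", NS)
                if ident is not None:
                    report["name"] = ident.get("Name")
                    report["publisher"] = ident.get("Publisher")
            elif lower.endswith((".ps1", ".psm1")):
                raw = pkg.read(info)
                # PowerShell scripts are often UTF-16 with a BOM; otherwise assume UTF-8.
                enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8-sig"
                text = raw.decode(enc, errors="replace")
                report["scripts"][info.filename] = sorted(
                    k for k, rx in MARKERS.items() if rx.search(text))
    return report

def build_sample():
    """Constructed, benign package used only to exercise triage_msix()."""
    blob = base64.b64encode(b"Write-Output 'demo'").decode()
    manifest = ('<Package xmlns="%s"><Identity Name="Example.Notes" '
                'Publisher="CN=Example Unknown Publisher"/></Package>' % NS["m"])
    script = ("$c=[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('%s'))\n"
              "Invoke-Expression $c\n" % blob)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AppxManifest.xml", manifest)
        z.writestr("setup.ps1", script.encode("utf-16"))
    return buf.getvalue()

print(triage_msix(build_sample()))
```

The publisher string in the manifest is only a claim; compare it with the vendor's known signing identity and verify the package signature as a separate step.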

A recently published article by Broadcom has highlighted the spread of a new malware strain called FakeBat.

This malware is being distributed through malvertising campaigns and is particularly concerning because it can evade detection by most traditional antivirus software.

According to a recent tweet by CyberXTron Technologies, cybercriminals are using MSIX installer files to distribute a new malware variant called FakeBat.

Staying Safe Online

To protect yourself from such threats, it is crucial to maintain a robust security posture:

  • Always download software from official sources or directly from the vendor’s website.
  • Be wary of advertisements offering free downloads of paid software.
  • Keep your antivirus software current to benefit from the latest protection mechanisms.
  • Educate yourself and others about the latest tactics used by cybercriminals.

Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.