#worrycomix #fakebat #outsiderart #lowbrowart

ℹ️ New walkthrough: Google ad ➡️ #FakeBat ➡️ #zgRAT

🔗 threatdown.com/blog/fakebat-0…

#malvertising #threatintel

#FakeBat spreads via Fake Browser Updates.

Check out the writeup: esentire.com/blog/fakebat-m…

Generating AI art is probably the main reason why I write blogs 🤣

⚠️ Malicious Google ad for Inkscape leads to #FakeBat

➡️ Impostor site: inkckape[.]org
➡️ Payload:
hxxps[://]planbooknfly[.]com/data/Inkscape-x86[.]msix
dc471b087413ea64f7693b27e38ac568dea00ec1c7f699e48a6ef96b9cb4e30e
➡️ C2: utm-adschuk[.]com

Check out the short writeup on the recent #FakeBat infection involving #PaykRunPE 🦇

esentire.com/blog/the-retur…

New #SteelClover 's fake software: Sudoku (数独)😎Hosting IP is 185[.]166.197.238
#FakeBat #DEV0569 #Ursnif #RedlineStealer

🚨 Threat Campaign Alert - FakeBat Malware Uses Legitimate Websites and Diverse Brand Impersonation Tactics🚨

Summary: February witnessed a significant rise in search-based malvertising incidents, nearly doubling the documented cases. FakeBat malware leverages malvertising…

DEV-0569 activity: Google ad fake CPUID page --> 'FakeBat' Loader.

Different redirect google ad domain from last Friday, but serving same payload as what Brad shared.

Urlscan:
urlscan.io/result/88610e6…

VirusTotal:
virustotal.com/gui/file/c6e79…

Recent #FakeBat campaign

#Fakebat + #Rhadamanthys #Stealer

Hay otras dos publicidades activas en Google apuntando a Bitbucket y Bitwarden

IP
141.98.233.]61

30 dominios relacionados a la ip
pastebin.com/f9igjPnH

Todos los productos apuntados:
Bitwarden
BitBucket
Blender
VMWare
Todoist
Calendly

1/2

#FakeBat utilizando al menos 10 dominios .ar 🇦🇷 para distribuirse a través de... 🥁 Google Ads.

cecar[.]com[.]ar
estiloplus[.]tur[.]ar
disenoymas[.]com[.]ar
barcala[.]com[.]ar
elchubutense[.]com[.]ar
argentec[.]com[.]ar
culturabritanicacba[.]org[.]ar…

Another one #fakebat

url: utm-drmka\.com /cdn/Exodus-x86[.]msix

Ref[1]:
virustotal.com/gui/domain/utm…

Germán Fernández Google Ads Juan Brodersen En VT está ya reseñado el FakeBat.

It's #FakeBat , and it's been delivering payloads with IDAT loader for about 8 months. How is it a new variant? Morphisec

blog.morphisec.com/threat-bulleti…

🛑 More #FakeBat / #EugenLoader via Google Ads

Autodesk Maya spoofing site maya-autodes[.]cc download Maya-x64.msix from prezemp[.]com.
[+] bazaar.abuse.ch/sample/9e6e04c…

#SIGNED 'Fodere Titanium Limited'

1.- New #RedLine C2: 95.143.191.159:22876 (from https://alexsazo[.]com/1.jpg)
2.-…

Today's quick #malware analysis with #SecurityOnion : FAKEBAT, REDLINE STEALER, and GOZI/ISFB/URSNIF pcap from 2023-02-03!

Thanks to Brad for sharing this pcap!

More screenshots:
blog.securityonion.net/2023/02/quick-…

#infosec
#infosec urity
#ThreatHunting
#IncidentResponse

A majority of the under 4 crowd appear to believe that Billy the 🦇 is real. I wish my husband would just say it’s a #FakeBat and stop saying it’s the household pet.

#HappyHalloween

eSentire's Threat Response Unit has observed #FakeBat loader🦇 being distributed via #FakeUpdates , ultimately leading to #LummaC2 infection via a custom-written PaykRunPE provided by the FakeBat Threat Actors.
eSentire

Memento Mori Chamo la respeto a Nick jajajjaaj mira q ya el fue un fakebat

Malvertisers have moved beyond URL shorteners to compromising legitimate websites, broadening their targets. FakeBat stands out for its use of MSIX installers with heavily obfuscated PowerShell scripts. Learn more in our #ThreatAdvisoryTuesday update: okt.to/sgol2A