Loader

FakeBat

First seen: 2022 • Status: active

Currently Active Threat

FakeBat tricks people with fake software download ads on search engines, then installs password stealers on their computers.

Overview

FakeBat is a loader distributed through malvertising and fake software download sites. It typically delivers information stealers and other malware.

Also Known As

EugenLoader, Fake Bat

How It Spreads

  • Google Ads malvertising
  • Fake software sites
  • SEO poisoning
  • MSIX installer abuse

What It Does

  • Payload delivery
  • Stealer deployment
  • MSIX/MSI abuse
  • Anti-analysis

Is your business exposed?

Target Platforms

Windows

Detection Tips

  • Monitor for malvertising indicators
  • Check for suspicious MSIX installers
  • Analyze download source URLs
  • Review secondary payload activity

MITRE ATT&CK Techniques

T1189, T1036, T1105, T1497, T1218

If You're Infected

  1. 1.

    Remove FakeBat and delivered payloads

  2. 2.

    Full credential reset

  3. 3.

    Scan for multiple infections

  4. 4.

    Use ad blockers to prevent malvertising

Related Malware

Redline, Lumma, Icedid

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices