
FakeBat is Promoted by a Malicious Malvertising Campaign Exploiting Google Promotions

riviTMedia Research
Last updated: October 25, 2023 6:45 pm

A new malvertising campaign has emerged, leveraging Google Promotions to steer users seeking popular software towards deceptive landing pages and subsequently distribute malicious payloads. This campaign, as reported by Malwarebytes, is distinctive in its approach, particularly in how it identifies users and delivers time-sensitive threats.

What is Malvertising?

Malvertising, a portmanteau of “malicious” and “advertising,” is a deceptive and harmful online advertising technique used by cybercriminals to spread malware and exploit unsuspecting users. It involves the insertion of malicious code or malware into legitimate online advertisements, which are then displayed on various websites, including reputable ones. The goal of malvertising is to infect users’ devices or direct them to malicious websites, often without their knowledge or consent.

What does the Malicious Malvertising Campaign Distributing the FakeBat Malware Do?

Exploiting Google Promotions

This sophisticated attack is tailored to individuals searching for software such as Notepad++ and PDF converters. It places deceptive advertisements on Google search results pages. Once an ad is clicked, the campaign filters out automated bots and random IP addresses and redirects the remaining visitors to a fraudulent website.

Identification and Fingerprinting

If the visitor is deemed a potential target, they are redirected to a counterfeit site promoting the desired software, which secretly fingerprints the system to determine whether the request originates from a virtual machine. Users who fail this check are directed to the legitimate Notepad++ site, while potential targets receive a unique identifier that is used for tracking and for ensuring that each download is both unique and time-sensitive.

Delivery of Malware

The final stage of this malware campaign delivers an HTA (HTML Application) payload, which establishes a connection to a remote domain, “mybigeye[.]icu,” on a custom port and delivers further malware.

Selecting Specific Targets

Jerome Segura, Director of Threat Intelligence, highlighted the use of evasion techniques by threat actors to bypass ad verification checks and focus on specific victim types. This revelation aligns with a similar campaign targeting users searching for the KeePass password manager.

Punycode for Deceptive Domains

This campaign uses malicious ads to direct victims to a domain employing Punycode, a special encoding that converts Unicode characters into ASCII (e.g., keepass[.]info versus ķeepass[.]info). The goal is to execute homograph attacks and entice victims into downloading malware.
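
As an added example (not code from the original article or from Malwarebytes), the Python sketch below shows one way a defender could flag lookalike hostnames of this kind in proxy or DNS logs: it decodes "xn--" labels, folds the result to plain ASCII and compares it with a watchlist. The watchlist, the small confusables map and the function names are assumptions, and the check goes slightly beyond the diacritic case in the text by also covering a few Cyrillic lookalikes.

```python
import unicodedata

# Assumption: hostnames the defender wants to protect (software named in the article).
WATCHLIST = {"keepass.info", "notepad-plus-plus.org"}

# Assumption: a deliberately small map of Cyrillic letters that render like Latin ones.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0455": "s", "\u0456": "i",
})

def decode_label(label):
    """Punycode-decode an 'xn--' (ACE) DNS label; return other labels unchanged."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed ACE label: keep the raw form for the analyst
    return label

def skeleton(host):
    """Reduce a hostname to the plain-ASCII string a reader is likely to perceive."""
    decomposed = unicodedata.normalize("NFKD", host)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return stripped.translate(CONFUSABLES)

def check_hostname(host):
    """Classify one hostname (defanged '[.]' accepted) from a proxy or DNS log."""
    host = host.strip().lower().replace("[.]", ".").rstrip(".")
    unicode_host = ".".join(decode_label(l) for l in host.split("."))
    non_ascii = not unicode_host.isascii()
    folded = skeleton(unicode_host)
    return {
        "unicode": unicode_host,
        "non_ascii": non_ascii,
        # Only non-ASCII names count as homographs; the real site folds to itself.
        "imitates": folded if non_ascii and folded in WATCHLIST else None,
    }

if __name__ == "__main__":
    # Constructed sample: the article's lookalike, converted to the ACE form seen in logs.
    ace = "xn--" + "\u0137eepass".encode("punycode").decode("ascii") + "[.]info"
    for name in (ace, "keepass[.]info", "keepasstacking[.]site"):
        print(name, check_hostname(name))
```

A name such as keepasstacking[.]site is pure ASCII and is not flagged here; catching that kind of lookalike needs a separate similarity or newly-registered-domain check.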

Avoiding Testing Conditions

Victims who click on the ad are redirected through a cloaking service designed to exclude test environments, automated bots, and those not identified as genuine victims. Threat actors have established a temporary domain at keepasstacking[.]site, which serves as the final destination.

Malware Execution

Users landing on the deceptive site are tricked into downloading a malicious installer, ultimately leading to the activation of FakeBat (also known as EugenLoader), a loader designed to download additional malicious code.

Removing the Threat

To remove this threat, follow these steps:

  1. Disconnect from the Internet: Cut off your internet connection to prevent further communication with malicious servers.
  2. Restart in Safe Mode: Restart your computer in Safe Mode to minimize the impact of the malicious software.
  3. Uninstall Suspicious Programs: In the Control Panel, uninstall any suspicious programs related to the threat.
  4. Delete Malicious Files: Manually delete any remaining malicious files and directories from your system.
  5. Remove Registry Entries: Access the Windows Registry Editor and remove entries associated with the threat.
  6. Run Anti-Malware Scans: Use reputable anti-malware software to perform a comprehensive system scan and remove any residual threats.

Conclusion

The malvertising campaign exploiting Google Promotions and employing Punycode for deceptive domains represents a growing sophistication in cyber threats. Staying informed, using reliable security software, being cautious online, keeping software updated, and regularly backing up your data are essential practices to protect your system from such threats in the future.
