Eugenloader

Malware Profile. Updated 24 days ago.
EugenLoader, also known as FakeBat, is a malware loader that Microsoft detected in mid-November 2023. It was distributed by an initial access broker tracked as Storm-1113 through search advertisements mimicking the Zoom app; the loader was delivered via bogus MSIX installers masquerading as Zoom downloads. The same method was also used to deploy other malware families, such as BATLOADER and IcedID, marking an increase in cybercriminals paying for advertisements to lure users to malicious sites and trick them into downloading harmful software.

In addition to the Zoom impersonation, campaigns delivering Atomic Stealer changed tactics, using Google search ads impersonating Slack to deploy either Atomic Stealer or EugenLoader depending on the victim's operating system. According to a report by Malwarebytes, the threat actors adapted their campaigns to spread either the upgraded Atomic Stealer malware or the EugenLoader loader through fraudulent Slack ads on Google search.

EugenLoader has been linked to multiple cybercriminal groups and used to deliver a variety of malware implants. In November 2023, it was used by the group known as Sangria Tempest (also known as FIN7) to drop its infamous Carbanak malware framework, which in turn deployed the Gracewire implant. Because this group offers malware deployment as a service, EugenLoader has been used to deploy a range of implants, including Gozi, Redline stealer, IcedID, Smoke Loader, NetSupport Manager (also known as NetSupport RAT), Sectop RAT, and Lumma stealer.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Eugenloader malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 5 months ago | Microsoft disables online Windows App Installer after attackers abuse it | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU | 5 months ago | Microsoft Disables App Installer After Feature is Abused for Malware
CERT-EU | 5 months ago | Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU | 5 months ago | MSIX App Installer Disabled Amid Microsoft Malware Attacks
CERT-EU | 10 months ago | New Malvertising Campaign Distributing Trojanized IT Tools via Google and Bing Search Ads
CERT-EU | 5 months ago | Updated Atomic Stealer malware emerges
CERT-EU | 7 months ago | New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers
CERT-EU | 5 months ago | Cyber Security Week In Review: January 12, 2024