Fakesg

Malware Profile Updated 3 months ago

Download STIX

Preview STIX

FakeSG is a recently identified malware that uses sophisticated obfuscation and delivery techniques, making it a serious threat. The malware mimics the notorious SocGholish distribution campaign, hence its name - "FakeSG". It has different browser templates, altering its appearance based on the victim's browser to appear more legitimate. The malware primarily relies on compromised WordPress websites to display custom landing pages that mimic the victim's browser interface. These landing pages typically inform the user that their browser needs an update, a tactic used to trick users into downloading and installing the malware. This new campaign, dubbed FakeSG, was discovered distributing a NetSupport Remote Access Tool (RAT), a tool often used by attackers to gain control over victims' systems. Notably, the malware has also been associated with other names such as "RogueRaticate". Security researcher Jerome Segura provided screenshots capturing fake updates from TA569 and another cluster, "FakeSG", illustrating the deceptive tactics employed by this malware. The impact of FakeSG is significant as it can potentially infect WiFi networks and hide itself within systems, thus making detection and removal difficult. Moreover, it's harmful as it can steal personal information, disrupt operations, or even hold data for ransom. Comprehensive research and analysis have led to the development of a how-to guide for removing FakeSG, reflecting the cybersecurity community's commitment to combating this threat.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Socgholish	2	SocGholish is a malicious software (malware) known for its ability to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. Notably, in 2023, several distinct website malware campaigns were identified to serve SocGholish malw
Rogueraticate	1	RogueRaticate is a malicious software (malware) designed to exploit and damage computer systems. This harmful program can enter your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once it has infiltrated a system, RogueRaticate can steal personal inform
Ta569	1	TA569 is a malware distributor that has been utilizing fake browser updates for over five years to deliver the SocGholish malware, according to cybersecurity firm Proofpoint. The threat actor has employed various methods to direct traffic from compromised websites to their controlled domains. In one

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Trojan

Ransomware

Wordpress

Windows

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
Akira	Unspecified	1	Akira is a malicious software, or malware, specifically a type of ransomware known for its disruptive and damaging effects. First surfacing in late 2023, it has continued to wreak havoc on various entities, including corporations and industries. This ransomware infects systems through suspicious dow
Amos	Unspecified	1	AMOS is a malicious software (malware) that targets Mac systems, with the ability to steal passwords, personal files, and cryptocurrency wallet information. It was first identified as part of the ClearFake campaign, which aimed to spread the macOS AMOS information stealer. The malware can infect bot
Netsupport Rat	Unspecified	1	NetSupport RAT is a type of malware that can significantly compromise an organization's digital security. Originally derived from the legitimate NetSupport Manager, a remote technical support tool, this malware infects systems through suspicious downloads, emails, or websites, often unbeknownst to t
Amos Stealer	Unspecified	1	AMOS Stealer is a type of malware that has been causing significant concern due to its adaptability and ability to leverage legitimate services for malicious purposes. This new variant of the AMOS Stealer bears a high degree of similarity to the 2nd variant of RustDoor, particularly in its use of Ap

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Source Document References

Information about the Fakesg Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
Malwarebytes	a year ago	FakeSG enters the 'FakeUpdates' arena to deliver NetSupport RAT
CERT-EU	7 months ago	Kaspersky crimeware report: FakeSG, Akira and AMOS
CERT-EU	9 months ago	Watch Out: Attackers Are Hiding Malware in 'Browser Updates'
CERT-EU	a year ago	FakeSG Virus Remove [Fake Chrome/Firefox/Mozilla/Edge Update]