Fakesg

Malware updated a month ago (2024-11-29T14:02:32.243Z)
FakeSG is a recently identified malware that uses sophisticated obfuscation and delivery techniques, making it a serious threat. It mimics the notorious SocGholish distribution campaign, hence the name "FakeSG". It has different browser templates and alters its appearance based on the victim's browser to appear more legitimate. The malware primarily relies on compromised WordPress websites to display custom landing pages that mimic the victim's browser interface. These landing pages typically inform the user that their browser needs an update, a tactic used to trick users into downloading and installing the malware. The campaign, dubbed FakeSG, was discovered distributing a NetSupport Remote Access Tool (RAT), a tool often used by attackers to gain control over victims' systems. The malware has also been associated with other names, such as "RogueRaticate". Security researcher Jerome Segura provided screenshots capturing fake updates from TA569 and another cluster, "FakeSG", illustrating the deceptive tactics employed by this malware.

The impact of FakeSG is significant, as it can potentially infect WiFi networks and hide itself within systems, making detection and removal difficult. It is also harmful because it can steal personal information, disrupt operations, or even hold data for ransom. Comprehensive research and analysis have led to the development of a how-to guide for removing FakeSG, reflecting the cybersecurity community's commitment to combating this threat.
Description last updated: 2024-05-04T17:15:25.617Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
Alias Description | Votes
Socgholish is a possible alias for Fakesg. SocGholish is a malicious software (malware) that has been significantly prevalent in cyber threats over recent years. In 2022, it was observed being used in conjunction with the Parrot TDS to deliver the FakeUpdates downloader to unsuspecting visitors on compromised websites. By late 2022, Microsof | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the Fakesg Malware was read from the documents corpus below. This display is limited to 20 results.