Fakesg

Malware Profile Updated 24 days ago
FakeSG is a recently identified malware family that uses sophisticated obfuscation and delivery techniques, making it a serious threat. It mimics the notorious SocGholish distribution campaign, hence the name "FakeSG". The malware ships with several browser templates and alters its appearance to match the victim's browser so that it looks more legitimate. It relies primarily on compromised WordPress websites to display custom landing pages that imitate the victim's browser interface; these pages typically tell the user that their browser needs an update, a tactic used to trick users into downloading and installing the malware. The campaign, dubbed FakeSG, was discovered distributing the NetSupport Remote Access Tool (RAT), a tool attackers often use to gain control over victims' systems. The malware has also been associated with other names, such as "RogueRaticate". Security researcher Jerome Segura provided screenshots of fake updates from TA569 and from another cluster, "FakeSG", illustrating the deceptive tactics this malware employs. The impact of FakeSG is significant: it can potentially infect WiFi networks and hide itself within systems, making detection and removal difficult, and it can steal personal information, disrupt operations, or even hold data for ransom. Comprehensive research and analysis have led to a how-to guide for removing FakeSG, reflecting the cybersecurity community's commitment to combating this threat.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID          Votes  Profile Description
Socgholish  2      SocGholish is a harmful malware known for its deceptive methods of infection, often impersonating legitimate browser updates to distribute Remote Access Trojans. This malicious software infiltrates systems through suspicious downloads, emails, or websites, typically without the user's knowledge. Onc
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
ID  Type  Votes  Profile Description
No associations to display
Associated Threat Actors
ID  Type  Votes  Profile Description
No associations to display
Associated Vulnerabilities
ID  Type  Votes  Profile Description
No associations to display
Source Document References
Information about the FakeSG malware was read from the document corpus below. This display is limited to 20 results.
Source        Created At     Title
CERT-EU       10 months ago  FakeSG Virus Remove [Fake Chrome/Firefox/Mozilla/Edge Update]
Malwarebytes  10 months ago  FakeSG enters the 'FakeUpdates' arena to deliver NetSupport RAT
CERT-EU       6 months ago   Kaspersky crimeware report: FakeSG, Akira and AMOS
CERT-EU       7 months ago   Watch Out: Attackers Are Hiding Malware in 'Browser Updates'