Close Menu
  • Homepage
  • News
  • Cloud & AI
  • ECommerce
  • Entertainment
  • Finance
  • Opinion
  • Podcast
  • Contact

Subscribe to Updates

Get the latest technology news from TechFinancials News about FinTech, Tech, Business, Telecoms and Connected Life.

What's Hot

Sequentum Cloud Wins 2026 CODiE Award for Best No-Code/Low-Code Platform

2026-07-18

SMSFAST Surpasses 1.29 Million Users With 96.4% SMS Delivery Rate

2026-07-17

Scott IT Academy Launches Online Platform for Secure Agile Development Training

2026-07-17
Facebook X (Twitter) Instagram
Trending
  • Sequentum Cloud Wins 2026 CODiE Award for Best No-Code/Low-Code Platform
Facebook X (Twitter) Instagram YouTube LinkedIn WhatsApp RSS
TechFinancials
  • Homepage
  • News
  • Cloud & AI
  • ECommerce
  • Entertainment
  • Finance
  • Opinion
  • Podcast
  • Contact
TechFinancials
Home»Security»Surge In Malware Infections Linked To Malvertising Campaigns Distributing FakeBat Loader
Security

Surge In Malware Infections Linked To Malvertising Campaigns Distributing FakeBat Loader

NUMOZYLOD collects detailed system information, including operating system specifics, domain membership, and installed antivirus software.
Gugu LourieBy Gugu Lourie2024-08-20Updated:2024-08-20No Comments3 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
Malware
Malware. Image by DC Studio on Freepik
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

In a troubling development, cybersecurity experts have identified a sharp increase in malware infections, traced back to deceptive online ads that are spreading a malicious software loader known as FakeBat. These covert campaigns are catching users off guard, leading to widespread security breaches.

Since mid-2023, Mandiant Managed Defense has responded to a surge in malware infections originating from malvertising campaigns.

“These attacks are opportunistic in nature, targeting users seeking popular business software. The infection utilizes a trojanized MSIX installer, which executes a PowerShell script to download a secondary payload,” the Mandiant Managed Defense team said in a technical report.

“Our research into NUMOZYLOD reveals an interesting glimpse into the growing and thriving underground economy, where threat actors actively seek out partners to fulfill the supply and demand for specialized tools and services for their objectives. It also highlights how threat actors are exploiting MSIX to covertly bundle and distribute malware alongside legitimate software.”

Mandiant tracks this PowerShell script as NUMOZYLOD and attributes its distribution to UNC4536, a threat actor operating under the moniker “eugenfest.” The actor is part of a Malware-as-a-Service (MaaS) operation, distributing malware such as ICEDID, REDLINESTEALER, CARBANAK, LUMMASTEALER, or ARECHCLIENT2.

“Our research into NUMOZYLOD reveals an interesting glimpse into the growing and thriving underground economy, where threat actors actively seek out partners to fulfill the supply and demand for specialized tools and services for their objectives,” said Mandiant.

“It also highlights how threat actors are exploiting MSIX to covertly bundle and distribute malware alongside legitimate software.”

NUMOZYLOD is also known as FakeBat, EugenLoader and PaykLoader.

Mandiant added that UNC4536’s modus operandi involves leveraging malvertising to distribute trojanized MSIX installers disguised as popular software like Brave, KeePass, Notion, Steam, and Zoom. UNC4536 operates primarily as a malware distributor, with FakeBat serving as a vehicle to deliver next-stage payloads to their business partners, such as FIN7.

“These trojanized MSIX installers are hosted on websites designed to mimic legitimate software hosting sites, luring users into downloading them.”

NUMOZYLOD collects detailed system information, including operating system specifics, domain membership, and installed antivirus software. Some variants also capture the host’s public IPv4 and IPv6 addresses and transmit this data to its command and control (C2) server.

In some variants, NUMOZYLOD creates a shortcut(.lnk) in the StartUp folder as its persistence.

“As a part of a Malware-as-a-Service (MaaS) operation, NUMOZYLOD completes its mission upon the successful deployment of the second-stage malware from its C2 server and hands it over to its buyer for the subsequent mission,” said Mandiant.

Cybercriminals FakeBat Loader Malvertising Malware Infections online ads
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Gugu Lourie
  • Website

Related Posts

New Cape Town Cybersecurity Platform Tackles The Rise Of AI-Enabled Supplier Fraud

2026-07-15

Meet The Woman Building A Free App To Connect Young People To Jobs, Bursaries And Hope

2026-07-10

South Africa’s AI future Is Leaving Millions Behind

2026-07-06

University Of Pretoria To Spearhead South Africa’s Historic Quantum Technology Push

2026-07-02

South Africans Need R20k/Month For 40-Hour Work Week To Afford Dignified Living

2026-06-25

The Tech Replacing Manual Hotel Payment Terminals

2026-06-24

The Insight Economy Is Over, AI Commoditised Consulting Advice Almost Overnight

2026-06-18

Ripple Invests In Flutterwave To Boost Africa’s Digital Payments Infrastructure

2026-06-16

How A California Micro-Server Network Proves Low-Cost, High-Speed Connectivity Is Possible

2026-06-09
Leave A Reply Cancel Reply

DON'T MISS
Breaking News

Eskom Green Secures Final PFMA Approvals, Targets 32GW Utility-Scale Renewable Push By 2040

South Africa’s energy landscape enters a transformative new chapter this week as Eskom Holdings secures…

From Innovation To Application: AI In The Business Of Property

2026-07-14

SA FinTech Float Exports Card-Linked Instalment Innovation To The UK

2026-07-08

South African AI Coding Startup HyperDev Secures R16 Million Pre-Seed Funding Amid Explosive User Growth

2026-07-06
Stay In Touch
  • Facebook
  • Twitter
  • YouTube
  • LinkedIn
OUR PICKS

Amazon Leo Names Herotel, Maziv As Distributors In Starlink Battle

2026-07-15

Giant Data Centres Get The First Green Light From Cape Town Tribunal

2026-07-15

Eskom Launches Eskom Green, A Dedicated Renewable Energy Business

2026-06-09

Why South Africans Are No Longer Switching Mobile Phone Operators?

2026-06-01

Subscribe to Updates

Get the latest tech news from TechFinancials about telecoms, fintech and connected life.

About Us

TechFinancials delivers in-depth analysis of tech, digital revolution, fintech, e-commerce, digital banking and breaking tech news.

Facebook X (Twitter) Instagram YouTube LinkedIn WhatsApp Reddit RSS
Our Picks

Sequentum Cloud Wins 2026 CODiE Award for Best No-Code/Low-Code Platform

2026-07-18

SMSFAST Surpasses 1.29 Million Users With 96.4% SMS Delivery Rate

2026-07-17

Scott IT Academy Launches Online Platform for Secure Agile Development Training

2026-07-17
Recent Posts
  • Sequentum Cloud Wins 2026 CODiE Award for Best No-Code/Low-Code Platform
  • SMSFAST Surpasses 1.29 Million Users With 96.4% SMS Delivery Rate
  • Scott IT Academy Launches Online Platform for Secure Agile Development Training
  • Huawei South Africa Connect 2026 to tackle the infrastructure needed for the AI era
  • The .za Domain Name Authority Confirms Annual Registry Fee Adjustment
TechFinancials
RSS Facebook X (Twitter) LinkedIn YouTube WhatsApp
  • Homepage
  • Newsletter
  • Contact
  • Advertise
  • Privacy Policy
  • About
© 2026 TechFinancials. Designed by TFS Media. TechFinancials brings you trusted, around-the-clock news on African tech, crypto, and finance. Our goal is to keep you informed in this fast-moving digital world. Now, the serious part (please read this): Trading is Risky: Buying and selling things like cryptocurrencies and CFDs is very risky. Because of leverage, you can lose your money much faster than you might expect. We Are Not Advisors: We are a news website. We do not provide investment, legal, or financial advice. Our content is for information and education only. Do Your Own Research: Never rely on a single source. Always conduct your own research before making any financial decision. A link to another company is not our stamp of approval. You Are Responsible: Your investments are your own. You could lose some or all of your money. Past performance does not predict future results. In short: We report the news. You make the decisions, and you take the risks. Please be careful.

Type above and press Enter to search. Press Esc to cancel.

Ad Blocker Enabled!
Ad Blocker Enabled!
Our website is made possible by displaying online advertisements to our visitors. Please support us by disabling your Ad Blocker.