internalchecksssocom (second campaign)

BatLoader, named by Mandiant, is a malware dropper.

We also observed several C2 domains related to BatLoader campaigns:

The infections were observed in Insurance, Consulting, Healthcare, and Printing industries. In October and November 2022, we observed the second BatLoader campaign pushing fake installers such as TeamViewer (Figure 3), AnyDesk and LogMeIn.

Figure 1: Fake Zoom Installer

Figure 2: Fake AnyDesk installer

The MSI installers are signed by “Kancelaria Adwokacka Adwokat Aleksandra Krzemińska” (Figures 1-2). The user navigates to the first advertisement displayed, which redirects the user to the website hosting the fake installer.

The initial infection starts with the user searching for installers such as Zoom, TeamViewer, AnyDesk, or FileZilla. In September 2022, eSentire TRU observed multiple BatLoader infections in Consumer Services, Retail, Telecommunications, and Non-Profit client environments.