In February 2024, threat actors distributed the FakeBat malware through malvertising campaigns that abused legitimate websites and cloaking techniques to bypass security checks. The campaigns impersonated popular software to trick users into downloading trojanized installers containing obfuscated PowerShell scripts. FakeBat continues to threaten businesses by compromising ads for software downloads. Defending against the infrastructure and blocking ads can mitigate these types of attacks.