Exposing FakeBat loader: distribution methods and adversary infrastructure
ID: 9c77dea5-8a0d-5f4e-8bf2-e6fc5c035b8d
STIX ID: report--9c77dea5-8a0d-5f4e-8bf2-e6fc5c035b8d
Feed Name: Sekoia.io Blog
**Executive summary:** Sekoia.io TDR documents FakeBat (EugenLoader/PaykLoader) as a widely used loader in 2024, distributed via drive-by downloads through malvertising, compromised WordPress sites serving fake browser updates, and social engineering that targets communities. The report outlines the MaaS offering, its distribution services, the detailed evolution of the C2 infrastructure, numerous IoCs (domains, MSIX and script hashes), and YARA rules to detect the loader and its stages.
