GAMEFISH (which also goes by the name Downrage) is a tool that belongs to the infamous hacking group Fancy Bear, also known as APT28 (Advanced Persistent Threat) and Sofacy. Fancy Bear is believed to originate from Russia and is known to have been active since 2004, so it is fair to say that they are not new to this. These cyber crooks have a particular taste for high-profile political targets. This has led malware experts to believe that Fancy Bear may be linked to the Russian Government and is likely operating on its behalf, to further Russian interests globally. One of Fancy Bear’s large-scale operations that took place rather recently was the attack launched against certain French political actors before the presidential elections in France in 2018.
It is likely that the GAMEFISH tool is used in the first stage of an attack, as its features include the ability to collect network and system data about the infiltrated host and forward it to the attackers. The GAMEFISH loader is also capable of receiving commands, which can instruct it to download and execute a second threat. Cybersecurity experts have detected several other threats that have been used as secondary payloads in previous campaigns involving the GAMEFISH tool. Among them are Xagent, Usbstealer, XTunnel and Downdelph. These hacking tools are known to be part of the vast arsenal of Fancy Bear.
As Fancy Bear is not known for discarding its tools after one campaign, it is likely that it will continue to employ the GAMEFISH tool in future operations. Prominent hacking groups like Fancy Bear also tend to improve and update their hacking tools, so the GAMEFISH loader may become even more threatening in the future.