
SocGholish on media sites

Updated on 2022-11-25: SocGholish waves

Sucuri has been tracking the tactics the SocGholish gang uses to deploy malicious code on hacked WordPress sites. The gang uses this code to redirect users to other websites hosting apps laced with the SocGholish malware. They later use their malware to deploy malware for other gangs, such as infostealers, RATs, and even ransomware. Read more:

Updated on 2022-11-22

The same Proofpoint security team has linked the SocGholish malware operation to the TA569 threat actor. SocGholish is malware delivered to users via malicious JavaScript code injected into hacked websites. Initial SocGholish infections have previously been linked to the deployment of infostealers, RATs, and, more recently, even ransomware. Read more: Part 1: SocGholish, a very real threat from a very fake update

SocGholish malware overview

Updated on 2022-11-09: SocGholish update

The operators of the SocGholish malware delivery platform have ramped up efforts to expand their infrastructure. SentinelOne reports that the group is now deploying 18 new malware-staging servers each month, a 334% rise compared to the first half of 2022. Most of these new servers are located in Europe. Read more: SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders

Updated on 2022-11-04: SocGholish on media sites

This week, Proofpoint also detected a compromise of a media company's infrastructure, through which malicious code linked to the SocGholish operation was deployed on more than 250 news sites across the US. Read more: Supply Chain Attack Pushes Out Malware to More than 250 Media Websites

Overview

The Walmart security team has a very technical blog post on the operations of SocGholish, a cybercrime group that relies on fake software updates to infect users with malware.
