Fake update puts visitors at risk
July 24, 2024, 8:17 a.m.
Description
This intelligence report discusses SocGholish, a JavaScript downloader used by threat actors to deliver malware payloads disguised as fake browser updates. It analyzes the recent tactics, techniques, and procedures employed by threat groups like Evil Corp in compromising WordPress websites, fingerprinting user profiles, and directing victims to malicious domains hosting the fake updates. The report also explores potential payloads delivered through SocGholish, such as Cobalt Strike, Zloader, information stealers, remote access trojans, and ransomware.
Tags
Date
- Created: July 24, 2024, 8:09 a.m.
- Published: July 24, 2024, 8:09 a.m.
- Modified: July 24, 2024, 8:17 a.m.
Indicators
- f0fbc29c86cd84ac18aeeee38de05c32fee95d6fa49425021ce0e3d3b13d2d05
- 78ddcf7ce945cfa92e640c53462174b21601506b39dec9731212d7d4ef8aa74d
- 158.160.11.208
- http://africa.thesmalladventureguide.com/7nwh~
- sticky.oystergardening.name
- tropicalforestproducts.com
- supremeceilings.co.za
- rastek.id
- asyncawaitapi.com
- gitbrancher.com