Fake update puts visitors at risk
Essential information
- Published
- 24/07/2024 08:09
- Modified
- 24/07/2024 08:17
- Tags
- 2024-07-24 badspace cobalt strike downloader egregor fake update lumma stealer malware netsupport rat redline stealer ryuk socgholish wordpress zloader
- Related entities
- 10 observables, 1 intrusion sets (apt), 8 techniques (mitre), 9 malware
Description
This intelligence report discusses SocGholish, a JavaScript downloader used by threat actors to deliver malware payloads disguised as fake browser updates. It analyzes the recent tactics, techniques, and procedures employed by threat groups like Evil Corp in compromising WordPress websites, fingerprinting user profiles, and directing victims to malicious domains hosting the fake updates. The report also explores potential payloads delivered through SocGholish, such as Cobalt Strike, Zloader, information stealers, remote access trojans, and ransomware.