SocGholish - Red Canary Threat Detection Report
SocGholish is a malware family that leverages drive-by-downloads masquerading as software updates for initial access. Active since at least April 2018, SocGholish has been linked to the suspected Russian cybercrime group Evil Corp. As in past years, Red Canary observed SocGholish impacting a wide variety of industry verticals in 2023.
Part 1: SocGholish, a very real threat from a very fake update
22 November 2022 · SocGholish is primarily known for its “drive-by” download style of initial infection. Such attacks employ malicious JavaScript, which is injected into compromised, but otherwise legitimate, websites.
SocGholish, Software S1124 | MITRE ATT&CK®
SocGholish is a JavaScript-based loader malware that has been used since at least 2017. It has been observed in use against multiple sectors globally for initial access, primarily through drive-by-downloads masquerading as software updates.
SocGholish Malware: Script Injections, Domain Shadowing, IPs ...
21 February 2024 · SocGholish is a JavaScript malware framework that has been in use since at least 2017. It is distributed through a number of malicious sites claiming to provide critical browser updates.
SocGholish: A Tale of FakeUpdates - ReliaQuest
30 January 2023 · We contained both intrusions by preventing what looked like the threat actor’s primary objective: deploying ransomware. Think of SocGholish as, primarily, a preliminary foothold to provide access for additional cyber-crime groups.
THREAT ANALYSIS REPORT: SocGholish and Zloader – From
SocGholish is an attack framework that malicious actors have used since at least 2020. The term Soc refers to the use of social engineering to deploy malware on systems.
Detecting & Analyzing a SocGholish Attack | Proofpoint US
11 August 2023 · SocGholish is a challenging malware to defend against. It is widespread, and it can evade even the most advanced email security solutions. In June alone, we saw SocGholish evade detection by prior layers of security in thousands of instances worldwide. Globally, Proofpoint detected SocGholish in over 1,000 Proofpoint customers.
SocGholish Malware on The Rise - Soc Investigation
28 June 2022 · SocGholish is an attack framework that malicious actors have used since at least 2020. The term Soc refers to the use of social engineering to deploy malware on systems.
SocGholish: Haunting the Digital Realm for Over Five Years
17 July 2023 · SocGholish has been able to survive for over five years due to its advanced techniques that allow it to remain difficult to detect and stop. Its primary distribution methods are drive-by-downloads and phishing campaigns that drop …
A Tale of Ghoulish Malware: Detecting an Early-Stage SocGholish …
31 October 2022 · The Advanced Threats and Research team in our SOC investigated SocGholish in a sandbox environment to fully understand how it behaves, and how it infects victims. Armed with this information, the team then went threat hunting to look for indicators of it within customer networks.
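The results above describe one chain: a visitor to a compromised site is offered a fake browser update, the "update" is a JavaScript file, and the loader runs when that file is executed. The last entry describes hunting for its indicators in customer telemetry. As an added example, not code from Red Canary, Proofpoint, ReliaQuest or any of the vendors listed, the Python below hunts process-creation events for that execution step: a Windows script host (wscript.exe or cscript.exe; the assumption here is that the downloaded .js is run by the built-in script host) starting a .js file from a user's Downloads or Temp folder, with a browser or explorer.exe as the parent. The Sysmon-like field names and every sample event are constructed for this example and would need mapping to your own EDR or Sysmon schema.

```python
"""Hunt process-creation events for the SocGholish execution pattern:
a Windows script host running a .js file that arrived via the browser.

Added example, not code from any of the reports listed above. The event
format is a constructed, Sysmon-like JSON-lines log; the field names
(UtcTime, Image, ParentImage, CommandLine, User) are an assumption."""
from __future__ import annotations

import json
import re
from dataclasses import dataclass, field

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}

# Paths a browser download, or a zip opened from the browser, lands in.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(downloads|appdata\\local\\temp)\\", re.IGNORECASE)
# First .js argument on the command line, quoted or bare.
JS_ARG = re.compile(r'"([^"]+\.js)"|(\S+\.js)', re.IGNORECASE)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


@dataclass
class Alert:
    time: str
    user: str
    script: str
    parent: str
    reasons: list[str] = field(default_factory=list)


def evaluate(event: dict) -> Alert | None:
    """Return an Alert when the event matches the fake-update execution chain."""
    if basename(event["Image"]) not in SCRIPT_HOSTS:
        return None
    m = JS_ARG.search(event["CommandLine"])
    if not m:
        return None
    script = m.group(1) or m.group(2)
    # Core signal: the .js lives where a browser download would put it.
    if not USER_WRITABLE.search(script):
        return None
    parent = basename(event["ParentImage"])
    reasons = ["script host executing .js from a user download/temp path"]
    if parent in BROWSERS:
        reasons.append("parent is a browser (downloaded file opened directly)")
    elif parent == "explorer.exe":
        reasons.append("parent is explorer.exe (user opened the downloaded file)")
    return Alert(event["UtcTime"], event["User"], script, parent, reasons)


def hunt(jsonl: str) -> list[Alert]:
    """Run evaluate() over a JSON-lines log and collect the hits."""
    alerts = []
    for line in jsonl.splitlines():
        if line.strip():
            hit = evaluate(json.loads(line))
            if hit:
                alerts.append(hit)
    return alerts


# Constructed sample telemetry (not real incident data).
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"UtcTime": "2024-01-10 09:12:01", "User": "CORP\\alice",
     "Image": "C:\\Windows\\System32\\wscript.exe",
     "ParentImage": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "CommandLine": '"C:\\Windows\\System32\\wscript.exe" "C:\\Users\\alice\\Downloads\\Update.js"'},
    {"UtcTime": "2024-01-10 09:15:44", "User": "CORP\\bob",
     "Image": "C:\\Windows\\System32\\wscript.exe",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "wscript.exe C:\\Users\\bob\\AppData\\Local\\Temp\\Temp1_Update.zip\\Update.js"},
    {"UtcTime": "2024-01-10 09:20:00", "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\Windows\\System32\\cscript.exe",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cscript.exe //nologo C:\\Windows\\System32\\slmgr.vbs /dlv"},
    {"UtcTime": "2024-01-10 09:21:30", "User": "CORP\\alice",
     "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "ParentImage": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "CommandLine": "chrome.exe --type=renderer"},
    {"UtcTime": "2024-01-10 09:30:12", "User": "CORP\\svc_maint",
     "Image": "C:\\Windows\\System32\\wscript.exe",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "wscript.exe C:\\ProgramData\\Vendor\\maint.js"},
])

if __name__ == "__main__":
    for a in hunt(SAMPLE_EVENTS):
        print(f"{a.time} {a.user} {a.parent} -> {a.script}: {'; '.join(a.reasons)}")
```

Only the first two sample events fire: the service account running a vendor .js from ProgramData is deliberately not matched, because the path condition is what keeps this rule quiet in environments that use logon or maintenance scripts. When hunting rather than alerting, widen USER_WRITABLE (or drop it) and pivot on the parent relationship instead.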