5 matches found
SocGholish Malware Using Compromised Sites to Deliver Ransomware
New research on SocGholish FakeUpdates reveals how this MaaS platform is used by threat actors like Evil Corp and RansomHub to compromise websites, steal data, and launch high-impact attacks on healthcare and businesses worldwide...
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems TDSs like Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to sketchy content. "The core of their operation is a sophisticated Malware-as-a-Service MaaS model, where...
A week in security (December 9 – December 15)
Last week on Malwarebytes Labs: Encrypted messaging service intercepted, 2.3 million messages read by law enforcement TikTok ban in US: Company seeks emergency injunction to prevent it Data brokers should stop trading health and location data, new bill proposes Update now! Apple releases new...
Malicious ad distributes SocGholish malware to Kaiser Permanente employees
On December 15, we detected a malicious campaign targeting Kaiser Permanente employees via Google Search Ads. The fraudulent ad masquerades as the health care company's HR portal used to check for benefits, download paystubs and other corporate related tasks. We believe the threat actors' intent...
SocGholish Malware Exploits BOINC Project for Covert Cyberattacks
The JavaScript downloader malware known as SocGholish aka FakeUpdates is being used to deliver a remote access trojan called AsyncRAT as well as a legitimate open-source project called BOINC. BOINC, short for Berkeley Open Infrastructure Network Computing Client, is an open-source "volunteer...