CyberSecurity news
FlagThis
Adam O'Connor@feeds.feedburner.com
//
SocGholish, also known as FakeUpdates, is facilitating the distribution of RansomHub ransomware through compromised websites. The malware-as-a-service (MaaS) framework, observed since 2018 and tracked by Trend Micro as Water Scylla, injects malicious scripts into legitimate websites. This action redirects users to deceptive pages disguised as browser update notifications, tricking them into downloading and executing malicious files that initiate the infection process.
Trend Micro researchers have analyzed SocGholish's MaaS framework, highlighting its use of highly obfuscated JavaScript loaders to evade detection and execute various malicious tasks. The SocGholish loader can download and execute malicious payloads, exfiltrate sensitive data, and execute arbitrary commands, providing persistent access for further exploitation and payload deployment. This intrusion set collaborates with threat actors operating rogue Keitaro Traffic Distribution System (TDS) instances to filter traffic, enhancing the effectiveness of RansomHub delivery. Detections have been highest in the United States, with government organizations among the most affected.
ImgSrc: www.trendmicro.
References :
Trend Micro researchers have analyzed SocGholish's MaaS framework, highlighting its use of highly obfuscated JavaScript loaders to evade detection and execute various malicious tasks. The SocGholish loader can download and execute malicious payloads, exfiltrate sensitive data, and execute arbitrary commands, providing persistent access for further exploitation and payload deployment. This intrusion set collaborates with threat actors operating rogue Keitaro Traffic Distribution System (TDS) instances to filter traffic, enhancing the effectiveness of RansomHub delivery. Detections have been highest in the United States, with government organizations among the most affected.
ImgSrc: www.trendmicro.
Share:
References :
- www.trendmicro.com: SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware
- gbhackers.com: SocGholish Exploits Compromised Websites to Deliver RansomHub Ransomware
- Virus Bulletin: Trend Micro researchers analyse SocGholish’s MaaS framework and its role in deploying RansomHub ransomware through compromised websites using highly obfuscated JavaScript loaders to evade detection and execute various malicious tasks.
- securityonline.info: A new analysis by Trend Research has shed light on intrusion techniques involving the malware-as-a-service (MaaS) framework known
- www.cybersecuritydive.com: The ransomware gang is collaborating with SocGholish, an extensive malware operation that employs compromised websites and fake browser updates.
- Broadcom Software Blogs: Betruger backdoor being used by at least one affiliate of RansomHub.
Classification:
- HashTags: #SocGholish #RansomHub #Ransomware
- Company: Trend Micro
- Target: Website visitors
- Attacker: SocGholish
- Product: MaaS framework
- Feature: intrusion techniques
- Malware: RansomHub
- Type: Ransomware
- Severity: Major