SocGholish is the name of a newly identified toolkit used by cybercriminals. It is meant to help them with the distribution of various malware families by allowing the criminals to impersonate legitimate software packages and updates, therefore making the content appear more trustworthy. The SocGholish framework specializes in enabling drive-by download attacks, and the campaigns to involve it have obtained a lot of traction over the past couple of months. Two of the notable malware families being distributed via the SocGholish framework are the WastedLocker Ransomware and the Dridex Trojan. However, it is safe to assume that plenty of other malware families are being distributed via the same method.
The criminals behind the SocGholish framework are trying to mask their payloads as update packages related to Adobe and Microsoft products. The files served are usually stored in a ZIP File and users might mistake it for a legitimate file easily. Furthermore, the criminals are using iFrames to spawn update prompts in legitimate sites whose security has been compromised – this is a sort of attack known as a 'watering-hole' attack since it involves using sites that users are likely to consider trustworthy.
Cybercriminals are not always interested in advancing their malware because they can often expand their operations by abusing new malware propagation techniques like the ones seen in SocGholish. The method that SocGholish uses to deliver payloads is a good reminder that you should not trust reputable websites blindly, as there is always a small chance that they may have been compromised by threatening users. Always be wary of surprising Adobe Flash or Microsoft updates, which appear to be out of place and make sure to run a reputable anti-malware service at all times.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to SocGholish may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.