Beware Of Fake Browser Updates That Installs Malicious BOINC Infrastructre

22 July 2024

SocGholish malware, also known as FakeUpdates, has exhibited new behavior since July 4th, 2024, as the infection chain still begins with a compromised website prompting a fake browser update. Downloading the update triggers malicious code that fetches additional malware. Unlike prior campaigns where SocGholish installed common RATs, recent attacks involved the execution of additional files and scripts, deviating from the usual patterns. Infection Chain The initial malicious Javascript downloads a PowerShell script that bypasses AMSI and fetches the next stage loader from a DGA-generated domain.

Source: GBHackers

Date:

22 July 2024

Categorie(s):

NEWS

Tag(s):

Browsers, Cyber Attack, Cyber Security News, Cyber Threat Intelligence, Fakes

China’s Volt Typhoon reportedly breached Singtel in ‘test-run’ for US telecom attacks6 November 2024
Snowflake data theft suspect arrested in Canada6 November 2024
Scumbag puts ‘stolen’ Nokia source code, SSH and RSA keys, more up for sale6 November 2024
Canada arrests suspected hacker over breach of 160+ Snowflake users’ data6 November 2024
Cyberthreats linked to foreign actors aim to hinder Election Day proceedings5 November 2024