US news websites compromised by hackers to spread malware

November 4, 2022

Cybercriminals have exploited the compromised infrastructure of an unnamed media firm to propagate the SocGholish JavaScript malware framework to hundreds of news websites in the US. SocGholish, also known as FakeUpdates, is installed via a malicious JavaScript file.

The undisclosed media firm serves numerous news outlets in the US with advertisement and video content. According to the reports, the threat actors injected malicious code into a JavaScript file that is loaded whenever visitors open the compromised news websites.


Through fake browser update prompts, visitors of the infected news websites are lured into installing malware on their machines, delivered as ZIP archives.


Researchers have observed sporadic injections at the unnamed media firm, which serves many major news outlets. The threat actors leveraged the JavaScript content the company serves to its partners to carry out their supply-chain attack.

The JavaScript file was initially benign; the threat actors modified its codebase so that it deploys the SocGholish JavaScript malware framework to hundreds of news websites, subsequently infecting visitors with malicious payloads.

Based on the latest update, researchers said that over 250 US news websites have already been seeded with the SocGholish malware. These supply-chain attacks have affected media organisations in New York, Chicago, Miami, and Boston, among other cities.

Meanwhile, security experts attribute these attacks to the TA569 threat group, which has previously been linked to leveraging media assets to spread SocGholish malware. An infection with this malware can lead to a ransomware attack on the victim.

Past reports of SocGholish campaigns have also lured victims with fake updates and site redirects, aiming to infect them with malware and ransomware payloads.

Another group to which this new campaign could be attributed is the Evil Corp gang, given its previous use of SocGholish in a similar attack operation against the employees of over 30 major firms in the US. In that case, the victims were lured with fake software updates delivered from many compromised American news websites.

While no specific threat group has yet been conclusively identified behind the recent attacks, security experts warn people to be vigilant against such fake update alerts when visiting news websites, as the sites themselves may be compromised.
