SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others

What’s new: The SocGholish malware, also known as FakeUpdates, is being distributed through Traffic Distribution Systems (TDSs) such as Parrot TDS and Keitaro TDS. A TDS is an ad-tech style redirection service: it profiles visitors to a compromised website and routes selected ones to the lure while sending everyone else on to benign content. SocGholish is run under a Malware-as-a-Service (MaaS) model that sells the resulting initial access to other cybercriminal organizations, including Evil Corp and LockBit. It typically masquerades as a fake update for popular software, most often a web browser, and is attributed to the threat actor TA569.

Who’s affected

Organizations and individuals who visit compromised websites, or who are redirected through a TDS, are at risk of SocGholish infection. Because the operators sell the access they gain, a single infection can turn into a follow-on intrusion (ransomware included) by whichever group buys it.

What to do

  • Implement web filtering to block known malicious domains and TDS infrastructure, and log proxy redirect chains so that a redirect from an otherwise legitimate site to an unknown domain can be reviewed.
  • Educate users that genuine browser and software updates are delivered by the application itself, never as a download prompted by a website they happen to be visiting.
  • Keep browsers and other software patched, and restrict or alert on script hosts (wscript.exe, cscript.exe) launching files from user download directories, since a fake-update lure only works if the user runs what it dropped.
  • Monitor network and endpoint telemetry for the fake-update chain as a whole: a browser visit to a compromised site, a redirect through a TDS, a download, then a user-launched script or installer.
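The following is an added example, not code from the original brief or from any vendor it cites, showing what the web-filtering and monitoring items above look like as detection logic. It checks two things: a proxy log for requests or redirects landing on a blocklisted TDS or lure domain, and an endpoint process log for a browser spawning a Windows script host that runs a script out of a download or temp directory (the execution path a fake-update lure commonly relies on; the example assumes that pattern rather than taking it from the brief). The log formats, hostnames, domain names and blocklist entries are all constructed for this example.

```python
"""Detect fake-update (SocGholish-style) activity in constructed log samples.

Check 1 (proxy):    request or redirect to a domain on a TDS / lure blocklist.
Check 2 (endpoint): browser -> wscript.exe / cscript.exe running a script
                    file from a user download or temp directory.

All log lines, hosts and domains below are constructed for the example.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hypothetical blocklist; in production this would be a TDS / IOC feed.
BLOCKLIST = {"tds-redirect.example", "update-notify.example"}

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXT = re.compile(r"\.(js|jse|vbs|wsf|hta)\b", re.IGNORECASE)
DOWNLOAD_DIRS = re.compile(r"\\(downloads|temp)\\", re.IGNORECASE)


def blocked_domain(domain, blocklist=BLOCKLIST):
    """True if the domain, or any parent domain of it, is blocklisted."""
    parts = domain.lower().split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts) - 1))


def flag_proxy_lines(lines, blocklist=BLOCKLIST):
    """Constructed format: 'src=<ip> url=<url> redirect=<location-or-->'.

    Both the requested URL and the redirect target are checked, because
    the TDS hop usually appears only in the Location header.
    """
    hits = []
    for line in lines:
        m = re.match(r"src=(\S+) url=(\S+) redirect=(\S+)", line.strip())
        if not m:
            continue
        src, url, redirect = m.groups()
        for u in (url, redirect):
            host = urlparse(u).hostname or ""
            if u != "-" and blocked_domain(host, blocklist):
                hits.append((src, host))
                break
    return hits


@dataclass
class ProcessEvent:
    host: str
    parent_image: str
    image: str
    command_line: str


def parse_process_line(line):
    """Constructed format: 'host|parent_image|image|command_line'."""
    fields = line.strip().split("|", 3)
    return ProcessEvent(*fields) if len(fields) == 4 else None


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_fake_update_chain(ev):
    """Browser parent, script-host child, script file in a download/temp dir."""
    return (basename(ev.parent_image) in BROWSERS
            and basename(ev.image) in SCRIPT_HOSTS
            and SCRIPT_EXT.search(ev.command_line) is not None
            and DOWNLOAD_DIRS.search(ev.command_line) is not None)


def flag_process_events(lines):
    hits = []
    for line in lines:
        ev = parse_process_line(line)
        if ev and is_fake_update_chain(ev):
            hits.append((ev.host, ev.command_line))
    return hits


# Constructed sample data.
PROXY_LOG = [
    "src=10.0.0.5 url=https://www.example-news.example/article redirect=https://www.tds-redirect.example/go?c=1",
    "src=10.0.0.6 url=https://intranet.example/ redirect=-",
    "src=10.0.0.7 url=https://update-notify.example/chrome/update.js redirect=-",
]
PROCESS_LOG = [
    r'ws01|C:\Program Files\Google\Chrome\Application\chrome.exe|C:\Windows\System32\wscript.exe|wscript.exe "C:\Users\alice\Downloads\Chrome.Update.js"',
    r"ws02|C:\Windows\explorer.exe|C:\Windows\System32\wscript.exe|wscript.exe C:\Scripts\logon.vbs",
    r"ws03|C:\Program Files\Mozilla Firefox\firefox.exe|C:\Windows\System32\notepad.exe|notepad.exe C:\Users\bob\Downloads\notes.txt",
]

if __name__ == "__main__":
    for hit in flag_proxy_lines(PROXY_LOG):
        print("proxy hit:", hit)
    for hit in flag_process_events(PROCESS_LOG):
        print("endpoint hit:", hit)
```

The endpoint check deliberately requires all three conditions (browser parent, script host, download or temp path); ws02 is a legitimate logon script launched by Explorer and is not flagged. Tune `BROWSERS`, `DOWNLOAD_DIRS` and the blocklist to the environment before relying on it.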

Sources