
SocGholish, Software S1124 | MITRE ATT&CK®
SocGholish is a JavaScript-based loader malware that has been used since at least 2017. It has been observed in use against multiple sectors globally for initial access, primarily through drive-by …
SocGholish | Red Canary Threat Detection Report
SocGholish is a malware family that leverages drive-by-downloads masquerading as software updates for initial access. Active since at least April 2018, SocGholish has been linked to the suspected …
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit ...
Aug 7, 2025 · SocGholish, also called FakeUpdates, is a JavaScript loader malware that's distributed via compromised websites by masquerading as deceptive updates for web browsers like Google …
SocGholish Malware: A Real Threat from a Fake Update | Proofpoint US
Nov 22, 2022 · SocGholish is a malware variant which continues to thrive in the current information security landscape. By utilizing an extensive variety of stages, eligibility checks, and obfuscation …
What is SocGholish Malware? Detection & Removal | SiteLock
Jan 21, 2026 · What is SocGholish malware? SocGholish, often referred to as “FakeUpdates,” is a type of malware that uses social engineering to trick users into installing malicious software under the …
SocGholish Malware: What It Is & How to Prevent It - Sucuri Blog
Jun 18, 2024 · SocGholish is a sophisticated JavaScript malware framework that has been actively used by cybercriminals since at least 2017. The primary purpose of this malware is to trick users into …
Threat hunting case study: SocGholish | Intel 471
Feb 13, 2025 · SocGholish is a malware campaign that spreads via hacked web pages. This is a guide for how to detect infections by searching in SIEMs and logging systems for attacker behaviors.
SocGholish Malware: Anatomy, IoCs & Protecting Your Website
Sep 8, 2025 · SocGholish is a type of JavaScript-based malware often associated with social engineering attacks intended to compromise website visitors. It typically masquerades as a browser …
SocGholish (AKA FakeUpdates) has been active since at least April 2018 and is widely associated with the Russian cybercriminal group, Evil Corp. The malware is often observed being deployed by …
Unmasking SocGholish: Silent Push Untangles the Malware Web …
Aug 6, 2025 · SocGholish, operated by TA569, actually functions as a Malware-as-a-Service (MaaS) vendor, selling access to compromised systems to various financially motivated cybercriminal clients.