  1. SocGholish | Red Canary Threat Detection Report

    SocGholish is a malware family that leverages drive-by-downloads masquerading as software updates for initial access. Active since at least April 2018, SocGholish has been linked to the suspected …

  2. SocGholish, Software S1124 | MITRE ATT&CK®

    SocGholish is a JavaScript-based loader malware that has been used since at least 2017. It has been observed in use against multiple sectors globally for initial access, primarily through drive-by …

  3. SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit ...

    Aug 7, 2025 · SocGholish, also called FakeUpdates, is a JavaScript loader malware that's distributed via compromised websites by masquerading as deceptive updates for web browsers like Google …

  4. What is SocGholish Malware? Detection & Removal | SiteLock

    Jan 21, 2026 · What is SocGholish malware? SocGholish, often referred to as “FakeUpdates,” is a type of malware that uses social engineering to trick users into installing malicious software under the …

  5. Detecting & Analyzing a SocGholish Attack | Proofpoint US

    Aug 11, 2023 · Find out what we learned about the most recent SocGholish attack. Learn how Proofpoint detected the attack and what you can do to prevent future threats.

  6. SocGholish Malware: What It Is & How to Prevent It - Sucuri Blog

    Jun 18, 2024 · SocGholish is a sophisticated JavaScript malware framework that has been actively used by cybercriminals since at least 2017. The primary purpose of this malware is to trick users into …

  7. SocGholish Malware: Anatomy, IoCs & Protecting Your Website

    Sep 8, 2025 · SocGholish is a type of JavaScript-based malware often associated with social engineering attacks intended to compromise website visitors. It typically masquerades as a browser …

  8. Unmasking SocGholish: Silent Push Untangles the Malware Web …

    Aug 6, 2025 · SocGholish, operated by TA569, actually functions as a Malware-as-a-Service (MaaS) vendor, selling access to compromised systems to various financially motivated cybercriminal clients.

  9. Threat hunting case study: SocGholish | Intel 471

    Feb 13, 2025 · SocGholish is a malware campaign that spreads via hacked web pages. This is a guide for how to detect infections by searching in SIEMs and logging systems for attacker behaviors.

  10. SocGholish (AKA FakeUpdates) has been active since at least April 2018 and is widely associated with the Russia-cybercriminal group, Evil Corp. The malware is often observed being deployed by …