Loader

SocGholish

First seen: 2017-01 • Status: active

Currently Active Threat

SocGholish tricks you with fake "Your browser needs to update" pop-ups on hacked websites. If you download and run the fake update, you get a loader that gives criminals a foothold on your machine, which often ends in ransomware.

Overview

SocGholish is a JavaScript-based malware framework delivered through fake browser update prompts. Its operators inject script into compromised legitimate websites; the injected code serves a lure page impersonating a browser update, and the "update" the victim downloads is a JavaScript loader, typically run by the Windows script host (wscript.exe) once the user opens it. The loader profiles the host and fetches the next stage, which is why SocGholish is a common initial access vector for ransomware groups rather than a ransomware family itself.

Also Known As

FakeUpdates

How It Spreads

  • Compromised websites
  • Fake browser updates
  • Drive-by downloads

What It Does

  • Delivers ransomware payloads
  • Provides initial access
  • Deploys Cobalt Strike

Target Platforms

Windows

Detection Tips

  • Monitor for fake update pages: review web-proxy logs for .zip or .js downloads named as browser updates from sites that are not the browser vendor's, and for injected script on your own sites loading from unfamiliar domains
  • Watch for JavaScript downloaders: alert when wscript.exe or cscript.exe runs a .js file from a user's Downloads or temp folder, and when that script host spawns powershell.exe or another interpreter with outbound network activity
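The second tip above as working detection logic. This is an added example, not code from the page or from any vendor; the event fields and the sample telemetry are constructed to resemble Sysmon Event ID 1 / EDR process-start records, and the rule names, paths and hostnames are assumptions you should map onto your own data.

```python
"""Hunt for the SocGholish execution chain in process-creation telemetry.

Added example (not code from the page or from any vendor): the field names
and the sample events below are constructed to resemble Sysmon Event ID 1 /
EDR process-start records; adapt the field mapping to your own telemetry.
"""
import re
from dataclasses import dataclass
from typing import Iterable

# Windows script hosts that run the .js dropped by the fake update page.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Interpreters the loader commonly hands off to for the next stage.
FOLLOW_ON = {"powershell.exe", "cmd.exe", "mshta.exe", "rundll32.exe"}
# The lure lands in the browser download folder, or is extracted into the
# user's temp folder when the .js is opened straight from the .zip in Explorer.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(downloads|appdata\\local\\temp)\\", re.I)
SCRIPT_FILE = re.compile(r"\.(js|jse|wsf|vbs)\b", re.I)


@dataclass(frozen=True)
class ProcEvent:
    ts: str           # ISO-8601 timestamp, sorts lexically
    host: str
    pid: int
    ppid: int
    image: str        # full path of the new process
    parent_image: str
    cmdline: str


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_socgholish_chain(events: Iterable[ProcEvent]) -> list[dict]:
    """Return one finding per suspicious event, in time order.

    Rule 1: a script host running a .js/.jse/.wsf/.vbs file from a
            user-writable download/temp path.
    Rule 2: a follow-on interpreter whose parent is a process flagged by
            rule 1 (correlated on host + parent PID, so an unrelated
            powershell.exe on the same host is not flagged).
    """
    findings: list[dict] = []
    flagged: set[tuple[str, int]] = set()
    for ev in sorted(events, key=lambda e: e.ts):
        image = _basename(ev.image)
        if (image in SCRIPT_HOSTS
                and SCRIPT_FILE.search(ev.cmdline)
                and USER_WRITABLE.search(ev.cmdline)):
            flagged.add((ev.host, ev.pid))
            findings.append({
                "rule": "script_host_user_path",
                "host": ev.host, "pid": ev.pid, "image": image,
                "parent": _basename(ev.parent_image), "cmdline": ev.cmdline,
            })
        elif image in FOLLOW_ON and (ev.host, ev.ppid) in flagged:
            findings.append({
                "rule": "follow_on_from_script_host",
                "host": ev.host, "pid": ev.pid, "image": image,
                "parent": _basename(ev.parent_image), "cmdline": ev.cmdline,
            })
    return findings


# Constructed sample telemetry: one infection chain plus benign noise.
SAMPLE_EVENTS = [
    ProcEvent("2024-05-01T09:14:02Z", "WS-ALICE", 4120, 1180,
              r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              r"C:\Windows\explorer.exe", "chrome.exe"),
    # User opened Update.js inside the downloaded zip; Explorer extracts it to %TEMP%.
    ProcEvent("2024-05-01T09:15:40Z", "WS-ALICE", 5232, 1180,
              r"C:\Windows\System32\wscript.exe", r"C:\Windows\explorer.exe",
              r'"C:\Windows\System32\wscript.exe" "C:\Users\alice\AppData\Local\Temp\Temp1_Chrome_Update.zip\Update.js"'),
    # The loader hands off to PowerShell (encoded argument is a constructed placeholder).
    ProcEvent("2024-05-01T09:15:43Z", "WS-ALICE", 5301, 5232,
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\System32\wscript.exe",
              "powershell.exe -nop -w hidden -enc SQBFAFgA"),
    # Benign: domain logon script from a share the user cannot write to.
    ProcEvent("2024-05-01T09:16:00Z", "WS-BOB", 2210, 900,
              r"C:\Windows\System32\wscript.exe", r"C:\Windows\System32\userinit.exe",
              r"wscript.exe \\corp.example\netlogon\login.vbs"),
    # Benign: admin-launched PowerShell with no flagged parent.
    ProcEvent("2024-05-01T09:16:30Z", "WS-ALICE", 5400, 1180,
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\explorer.exe", "powershell.exe"),
]

if __name__ == "__main__":
    for f in detect_socgholish_chain(SAMPLE_EVENTS):
        print(f"{f['host']} pid={f['pid']} {f['rule']}: {f['parent']} -> {f['image']}")
```

Run against the sample, it flags only the wscript.exe launch from the user's temp folder and the PowerShell it spawned; the logon script from the netlogon share and the admin's own PowerShell session pass. Correlating rule 2 on the parent PID rather than on the parent image name is what keeps the second rule from firing on every PowerShell started by any script host on a busy endpoint.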

MITRE ATT&CK Techniques

T1189 (Drive-by Compromise), T1059 (Command and Scripting Interpreter), T1105 (Ingress Tool Transfer)

If You're Infected

  1. Isolate the infected system from the network immediately
  2. Check for ransomware indicators and for follow-on tooling such as Cobalt Strike, since SocGholish is only the initial access stage

Related Malware

Cobalt Strike, IcedID

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required