SocGholish is an initial access threat that uses drive-by downloads disguised as software updates. The "Soc" part of its name refers to social engineering, which is the primary technique used to deploy this malware. SocGholish has been active since April 2018 and is linked to a suspected Russian cybercrime group sometimes identified as Evil Corp or Indrik Spider.
A SocGholish attack takes place when an unsuspecting user visits a compromised website. The site is presented in such a way that the user is lured into downloading a ZIP file and executing the payload. The lure is typically content telling the user that something on their device, such as their browser, requires an update.
This video talks about what SocGholish is, how it works, and ways you can stay ahead of it. Watch the video to learn more—three minutes is all it takes!
© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.