The SocGholish malware framework is still frequently used in cyberattacks in a constantly changing threat landscape. Recent research has tracked numerous attack campaigns involving the malware.
Researchers from Sucuri discovered a novel form of WordPress infection in which threat actors injected SocGholish malware using a distinctive feature. Separately, Proofpoint found that SocGholish had been injected into almost 300 websites to target users around the world. The attackers introduced the malware using malvertising and SEO poisoning. Earlier this month, SocGholish was also used in an attack campaign against a significant American media company.
Enterprises continue to face a serious threat from SocGholish's attack vectors and the speed with which its infection chain is spreading. Defenders must carefully consider alerts and refrain from quickly dismissing them as false positives.
Read More: SocGholish Attacks Remain a Real Threat