Authorities in the Netherlands, Canada, the US, and Germany disrupted SocGholish infrastructure and cleaned up nearly 15,000 infected WordPress sites with support from Europol and private partners. The long-running FakeUpdates framework has been used to deliver loaders and payloads including Gholoader, MintsLoader, GhostWeaver, LockBit, RansomHub, AsyncRAT, and NetSupport RAT through compromised websites.
#SocGholish #FakeUpdates #WordPress #Europol #TA569 #DEV0206 #GoldPrelude #MustardTempest #UNC1543 #EvilCorp #Gholoader #MintsLoader #GhostWeaver #LockBit #RansomHub #AsyncRAT #NetSupportRAT
Key points
- Law enforcement disrupted SocGholish infrastructure across four countries.
- Nearly 15,000 infected WordPress websites were cleaned up.
- SocGholish, also known as FakeUpdates, has been active since 2017.
- The malware is used as a JavaScript dropper for multiple payloads and loaders.
- TA569 has targeted high-traffic websites to spread fake browser update lures.
Read More: https://www.securityweek.com/15000-wordpress-websites-cleaned-up-in-socgholish-botnet-takedown/