Researchers uncovered a new campaign with FakeUpdates, also known as SocGolish, targeting and compromising WordPress websites with hacked admin accounts. Meanwhile, Play entered the top three of most wanted ransomware groups and education remained the most attacked sector worldwide
Our latest Global Threat Index for February 2024 saw researchers uncover a fresh FakeUpdates campaign compromising WordPress websites. These sites were infected using hacked wp-admin administrator accounts, with the malware adapting its tactics to infiltrate websites by utilizing altered editions of authentic WordPress plugins, and tricking individuals into downloading a Remote Access Trojan. Meanwhile, even following its takedown towards the end of February, Lockbit3 remained the most prevalent ransomware group, responsible for 20% of published attacks, and education continued to be the most impacted industry worldwide.
FakeUpdates, also known as SocGholish, has been operational since at least 2017, and uses JavaScript malware to target websites, especially those with content management systems. Often ranked the most prevalent malware in the Threat Index, the FakeUpdates malware aims to trick users into downloading malicious software and despite efforts to stop it, it remains a significant threat to website security and user data. This sophisticated malware variant has previously been associated with the Russian cybercrime group known as Evil Corp. Due to its downloader functionality, it is believed that the group monetizes the malware by selling access to the systems that it infects, leading to other malware infections if the group provides access to multiple customers.
Websites are the digital storefronts of our world, crucial for communication, commerce, and connection. Defending them from cyberthreats isn’t just about safeguarding code; it is about protecting our online presence and the essential functions of our interconnected society. If cybercriminals choose to use them as a vehicle to covertly spread malware, that could impact future revenue generation and the reputation of an organization. It is vital to put preventative measures in and adopt a culture of zero tolerance to ensure absolute protection from threats.