SocGholish

Pierluigi Paganini June 24, 2026
Europol Disrupts StealC and Amadey Malware Infrastructure in Operation Endgame

Operation Endgame disrupted malware services like StealC and Amadey that enable ransomware, fraud, and attacks on critical infrastructure. Between June 15 and 19, 2026, Europol coordinated a two-week law enforcement operation involving agencies from Canada, Denmark, Germany, the Netherlands, the UK, and the US, alongside private firms like Microsoft, Bitdefender, IBM X-Force, Proofpoint, Infoblox, Shadowserver, […]

Pierluigi Paganini June 19, 2026
14,971 WordPress Sites Cleaned in Global SocGholish Takedown

Operation EndGame disrupted SocGholish, taking down 106 servers and cleaning 14,971 WordPress sites used to spread fake-update malware. On June 18, 2026, law enforcement agencies from the Netherlands, Canada, the United States, and Germany, coordinated through Europol, executed a joint action week against SocGholish, one of the most persistent and widely deployed malware distribution networks […]

Pierluigi Paganini November 26, 2025
For the first time, a RomCom payload has been observed being distributed via SocGholish

RomCom malware used the SocGholish fake update loader to deliver Mythic Agent to a U.S. civil engineering firm. In September 2025, Arctic Wolf Labs observed RomCom threat actors delivering the Mythic Agent via SocGholish to a U.S. company. The researchers noticed that the payload executed about 10 minutes after initial exploitation, marking the first time […]

Pierluigi Paganini July 22, 2024
SocGholish malware used to spread AsyncRAT malware

The JavaScript downloader SocGholish (aka FakeUpdates) is being used to deliver the AsyncRAT and the legitimate open-source project BOINC. Huntress researchers observed the JavaScript downloader malware SocGholish (aka FakeUpdates) that is being used to deliver remote access trojan AsyncRAT and the legitimate open-source project BOINC (Berkeley Open Infrastructure Network Computing Client). The BOINC project is […]