Threat Awareness – SocGholish and Zloader

A new threat analysis report from Cybereason examines the threat posed by two malware strains, SocGholish and Zloader, that masquerade as legitimate software updates and installers. From December 2021 to now, Cybereason researchers have observed an increase in the number of attacks involving SocGholish and Zloader. First, SocGholish is a JavaScript-based malware that poses as a legitimate browser update delivered to victims via compromised websites and establishes an initial foothold on a victim’s network before deploying ransomware or conducting other malicious activity. Reportedly, SocGholish infections are the most common initial intrusion vector across multiple variants of ransomware associated with the Evil Corp cybercriminal organization. Second, Zloader, according to Cybereason, “is a malware largely designed to steal credentials and sensitive data, but it also has backdoor capabilities and it can act as a malware loader to deliver further malware on compromised systems.” Zloader is under continuous development, and recent upgrades allow it to disable antivirus software. The latest distribution method has been through malicious websites which have Zloader masquerading as an installer of a popular application, like TeamViewer. This research highlights that Zloader continues to represent a threat, despite the recent disruption of its infrastructure by Microsoft and other organizations. Access the full report at Cybereason.