hairjnr.blogg.se

Responsive JavaScript Flash Player detection

The Cybereason Global Security Operations Center (GSOC) Team issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.

This Threat Analysis report provides insight into three selected attacks, which involve the SocGholish and Zloader malware masquerading as legitimate software updates and installers of popular applications. We present the deployment of the malware on compromised systems and the activities of the malware operators, including an activity timeline.

- Masquerading malware: Infections with SocGholish start by end-users executing JavaScript scripts with filenames that relate to known browsers and browser updates, such as and Firefox.js. Infections with Zloader start by end-users executing a fake installer of a popular application, such as TeamViewer.
- Intensive reconnaissance and data exfiltration: SocGholish operators conduct intensive reconnaissance activities and redirect the output of executed commands to files with the filename extension.
- Detected and prevented: The Cybereason XDR Platform effectively detects and prevents infections with SocGholish and Zloader.
- Cybereason Managed Detection and Response (MDR): The Cybereason GSOC team has a zero-tolerance policy towards attacks involving SocGholish and Zloader, and categorizes such attacks as critical, high-severity incidents. The Cybereason GSOC MDR team issues a comprehensive report to customers when such an incident occurs. The report provides an in-depth overview of the incident, which helps to understand the scope of the compromise and the impact on the customer’s environment. The report also provides attribution information whenever possible, as well as recommendations for threat mitigation and isolation.

SocGholish is an attack framework that malicious actors have used since at least 2020. The term Soc refers to the use of social engineering to deploy malware on systems. SocGholish operators host a malicious website that implements a drive-by-download mechanism, such as JavaScript code or uniform resource locator (URL) redirections, to trigger the download of an archive file that contains malware. The website displays content that might lure end-users, such as critical browser updates. To infect the system, an end-user has to first manually decompress the archive file and then execute the malware by double-clicking.
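
The masquerading pattern described above (a user double-clicking a JavaScript file named after a browser or browser update) can be triaged from process-creation records, as in this added example, which is not part of the Cybereason report or its tooling. The event field names, hosts, paths, the script-host binaries and the folder and keyword lists are assumptions to adapt to your own telemetry.

```python
import re
from pathlib import PureWindowsPath

# Assumption (not from the page): double-clicking a .js file on Windows runs it
# under Windows Script Host, so these are the process images to watch.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Browser/update lure words in the script filename; a starting list to tune.
LURE = re.compile(r"chrome|firefox|edge|opera|browser|update", re.I)
# Folders where a user typically unpacks a downloaded archive (assumed list).
USER_DIRS = re.compile(r"\\(downloads|desktop|appdata\\local\\temp)\\", re.I)
JS_ARG = re.compile(r'"([^"]+\.js)"|(\S+\.js)(?=\s|$)', re.I)

def script_path(command_line):
    """Return the first .js path on a command line, or None."""
    m = JS_ARG.search(command_line)
    return (m.group(1) or m.group(2)) if m else None

def triage(event):
    """Return the reasons an event fits the masquerading-update pattern, else []."""
    js = script_path(event["command_line"])
    if js is None or PureWindowsPath(event["image"]).name.lower() not in SCRIPT_HOSTS:
        return []
    if not LURE.search(PureWindowsPath(js).name):
        return []
    reasons = ["browser/update-themed .js run by script host"]
    if USER_DIRS.search(js):
        reasons.append("script sits in a user download/unpack folder")
    if PureWindowsPath(event["parent_image"]).name.lower() == "explorer.exe":
        reasons.append("parent is explorer.exe (interactive double-click)")
    return reasons

def detect(events):
    """Return (host, script, reasons) per matching event, strongest first."""
    hits = [(e["host"], script_path(e["command_line"]), triage(e)) for e in events]
    return sorted((h for h in hits if h[2]), key=lambda h: -len(h[2]))

# Constructed process-creation records (hypothetical hosts and paths).
WSH, EXPLORER = r"C:\Windows\System32\wscript.exe", r"C:\Windows\explorer.exe"
SAMPLE_EVENTS = [
    {"host": "SRV-02", "image": r"C:\Windows\System32\cscript.exe", "parent_image": r"C:\Windows\System32\svchost.exe", "command_line": r'cscript.exe //nologo "C:\Program Files\Vendor\update.js"'},
    {"host": "WS-01", "image": WSH, "parent_image": EXPLORER, "command_line": r'"C:\Windows\System32\wscript.exe" "C:\Users\alice\Downloads\Firefox.js"'},
    {"host": "WS-03", "image": WSH, "parent_image": EXPLORER, "command_line": r"wscript.exe C:\Users\carol\Desktop\report.js"},
    {"host": "WS-04", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "parent_image": EXPLORER, "command_line": "firefox.exe"},
]

if __name__ == "__main__":
    for host, script, reasons in detect(SAMPLE_EVENTS):
        print(host, script, reasons)
```

A hit with all three reasons is the double-click case the report describes; a hit with only the filename reason, such as a service-launched script in an installed program folder, is lower priority and a candidate for an allowlist.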





