Over 250 regional and national US newspaper sites are spreading malware after falling victim to a supply chain attack.
Cybersecurity company Proofpoint observed intermittent injections on a media company that serves many major news outlets.
News outlets in Boston, New York, Chicago, Miami, Washington, Cincinnati, and Palm Beach, among others, have been impacted.
“By modifying the codebase of this otherwise benign JS, it is now used to deploy SocGholish,” Proofpoint said.
SocGholish is also known as FakeUpdates – malware that masquerades as legitimate software updates. It has been linked to the suspected Russian cybercrime group Evil Corp. Proofpoint, however, tracks the threat actor as TA569 and does not assess TA569 as Evil Corp.
“TA569 is a traffic and load seller known for compromising content management servers and injecting and redirecting web traffic to a social engineering kit. The threat actor leverages fake updates to prompt users to update their browser and download a malicious script,” Proofpoint said.