Hundreds of US news sites deliver malware
Over 250 regional and national US newspaper sites are spreading malware after falling victim to a supply chain attack.
Cybersecurity company Proofpoint observed intermittent injections at a media company that serves many major news outlets.
News outlets in Boston, New York, Chicago, Miami, Washington, Cincinnati, and Palm Beach, among others, have been impacted.
“By modifying the codebase of this otherwise benign JS, it is now used to deploy SocGholish,” Proofpoint said.
SocGholish is also known as FakeUpdates – malware that masquerades as legitimate software updates. It has been linked to the suspected Russian cybercrime group Evil Corp. Proofpoint, however, tracks the threat actor as TA569 and does not assess TA569 as Evil Corp.
“TA569 is a traffic and load seller known for compromising content management servers and injecting and redirecting web traffic to a social engineering kit. The threat actor leverages fake updates to prompt users to update their browser and download a malicious script,” Proofpoint said.