Cloud Threat Landscape

FAKEUPDATES

Aliases

FakeUpdate, SocGholish

Tags
Dropper
Incidents
UNC2165 Targets Hybrid Environments with Ransomware
References
https://malpedia.caad.fkie.fraunhofer.de/details/js.fakeupdates
https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-malware/what-is-fakeupdates-malware/
https://www.proofpoint.com/us/blog/threat-insight/update-fake-updates-two-new-actors-and-new-mac-malware
https://redcanary.com/threat-detection-report/threats/socgholish/
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan%3AJS%2FFakeUpdate.B&ThreatID=2147814008
Last edited
Feb 19, 2025 2:34 PM

FAKEUPDATES, also known as SocGholish, is a JavaScript-based downloader malware that masquerades as legitimate software updates. It employs social engineering tactics, presenting users with fake browser or software update prompts on compromised websites. When users download and execute the purported update, the malware establishes a connection to its command-and-control server, facilitating the delivery of additional malicious payloads such as remote access trojans (RATs) and information stealers.

Made with 💙 by Wiz

Last Updated: April 3, 2025