Aliases
FakeUpdate, SocGholish
Tags
Dropper
References
https://malpedia.caad.fkie.fraunhofer.de/details/js.fakeupdates
https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-malware/what-is-fakeupdates-malware/
https://www.proofpoint.com/us/blog/threat-insight/update-fake-updates-two-new-actors-and-new-mac-malware
https://redcanary.com/threat-detection-report/threats/socgholish/
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan%3AJS%2FFakeUpdate.B&ThreatID=2147814008
Last edited
Feb 19, 2025 2:34 PM
FAKEUPDATES, also known as SocGholish, is a JavaScript-based downloader that masquerades as a legitimate browser or software update. Its initial access relies entirely on social engineering: script injected into compromised, otherwise legitimate websites shows visitors a fake update prompt, and the "update" they download is a JavaScript file, typically delivered inside a ZIP archive. When the user opens it, the script runs under the Windows Script Host (wscript.exe), contacts its command-and-control server, and retrieves whatever follow-on payload the operators choose to deliver, such as remote access trojans (RATs) and information stealers. Because the loader is plain JavaScript executed by a built-in Windows component rather than a compiled binary, detection usually keys on the execution context (a script host launching a .js file from a download or archive-extraction location) rather than on the file itself.
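The execution pattern described above can be turned into a simple detection over process-creation telemetry. The following is an added example written for this entry; it is not code from the page or from any of the referenced vendors. The event fields and sample records are constructed for illustration (file and archive names such as "Chrome.Update.zip" are invented), and the folder patterns assume Windows Explorer's behaviour of extracting a file opened from inside a ZIP to a `%LOCALAPPDATA%\Temp\Temp<N>_<archive>.zip\` folder.

```python
"""Flag process-creation events consistent with a SocGholish-style fake-update
lure: a Windows script host (wscript.exe / cscript.exe) running a .js/.jse file
that sits in a user download folder or in a ZIP extraction folder.

Added example (not the page's or any vendor's code). Events are constructed."""

import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = (".js", ".jse")
# Parents that indicate a user double-clicked the file (Explorer or a browser).
USER_LAUNCHERS = {"explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
# Download folders plus %LOCALAPPDATA%\Temp, where Explorer extracts archives.
SUSPICIOUS_DIR = re.compile(
    r"\\(Downloads|Desktop|AppData\\Local\\Temp)\\", re.IGNORECASE)
# The Temp<N>_<archive>.zip\ folder Explorer creates when a file is opened
# directly from inside a ZIP (assumption about the naming, see lead-in).
ZIP_EXTRACT_DIR = re.compile(r"\\Temp\d+_[^\\]+\.zip\\", re.IGNORECASE)


@dataclass(frozen=True)
class ProcessEvent:
    image: str          # path of the created process
    cmdline: str        # its full command line
    parent_image: str   # path of the parent process


def basename(path: str) -> str:
    """Lower-cased final path component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def script_argument(cmdline: str) -> Optional[str]:
    """First .js/.jse argument in a Windows command line (quoted or bare)."""
    for tok in re.findall(r'"[^"]*"|\S+', cmdline):
        tok = tok.strip('"')
        if tok.lower().endswith(SCRIPT_EXTS):
            return tok
    return None


def assess(ev: ProcessEvent) -> List[str]:
    """Indicators matched by one event; an empty list means no alert."""
    if basename(ev.image) not in SCRIPT_HOSTS:
        return []
    script = script_argument(ev.cmdline)
    if script is None or not SUSPICIOUS_DIR.search(script):
        return []
    hits = [f"{basename(ev.image)} ran {basename(script)} from a download/temp path"]
    if ZIP_EXTRACT_DIR.search(script):
        hits.append("script opened directly from inside a ZIP archive")
    parent = basename(ev.parent_image)
    if parent in USER_LAUNCHERS:
        hits.append(f"launched by {parent} (user double-click)")
    return hits


def detect(events: List[ProcessEvent]) -> List[Tuple[int, List[str]]]:
    """Return (event index, indicators) for every event that raises an alert."""
    return [(i, hits) for i, ev in enumerate(events) if (hits := assess(ev))]


# Constructed sample telemetry: two lure-like executions and three benign ones.
SAMPLE_EVENTS = [
    ProcessEvent(  # fake update opened straight from the downloaded ZIP
        r"C:\Windows\System32\wscript.exe",
        r'"C:\Windows\System32\WScript.exe" '
        r'"C:\Users\jdoe\AppData\Local\Temp\Temp1_Chrome.Update.zip\Chrome.Update.js"',
        r"C:\Windows\explorer.exe"),
    ProcessEvent(  # benign: licensing script shipped with Windows
        r"C:\Windows\System32\cscript.exe",
        r'cscript.exe "C:\Windows\System32\slmgr.vbs" /dlv',
        r"C:\Windows\System32\cmd.exe"),
    ProcessEvent(  # benign: installer-owned script outside user folders
        r"C:\Windows\System32\wscript.exe",
        r'wscript.exe "C:\Program Files\Vendor\install.js"',
        r"C:\Windows\System32\msiexec.exe"),
    ProcessEvent(  # lure-like: extracted .js run from Downloads
        r"C:\Windows\System32\wscript.exe",
        r'"C:\Windows\System32\wscript.exe" C:\Users\jdoe\Downloads\report.js',
        r"C:\Windows\explorer.exe"),
    ProcessEvent(  # benign: not a script host at all
        r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer',
        r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
]

if __name__ == "__main__":
    for idx, hits in detect(SAMPLE_EVENTS):
        print(f"event {idx}: " + "; ".join(hits))
```

The rule deliberately ignores the script's name and contents, since the lure filename changes constantly; what stays stable is a built-in script host executing a user-downloaded .js, usually with Explorer as the parent. In production this would run over Sysmon Event ID 1 or EDR process-creation records, and the zip-extraction indicator is worth weighting highest because legitimate software is almost never run that way.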