1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Hundreds of US news sites hacked to send out malware

    From TechnologyDaily@1337:1/100 to All on Thu Nov 3 14:15:03 2022
    Hundreds of US news sites hacked to send out malware

    Date:
    Thu, 03 Nov 2022 14:02:21 +0000

    Description:
    American news outlets hijacked to deliver SocGholish, which can lead to stage-two ransomware attacks.

    FULL STORY ======================================================================

    Hundreds of news websites across the US have been compromised to deliver malware to their readers, researchers are saying.

    Experts from Proofpoint discovered a malware distribution campaign that targeted an unnamed media company in the US which owns hundreds of websites belonging to various newspapers.

    Allegedly, some of the sites are national, others are from New York, Boston, Chicago, Miami, Washington, D.C., and others. Fake browser updates

    Overall, more than 250 websites owned by the company were hijacked to deliver the SocGholish JavaScript malware framework. These sites deliver their
    content to the readers via a benign JavaScript code. That code was hijacked
    to deliver whats known as initial access threat, which pushes drive-by-downloads pretending to be software updates.

    In other words, website visitors would be prompted to download fake browser updates delivered as ZIP archives.

    "The media company in question is a firm that provides both video content and advertising to major news outlets. [It] serves many different companies in different markets across the United States," Sherrod DeGrippo, VP of threat research and detection at Proofpoint, told BleepingComputer .

    "Proofpoint Threat Research has observed intermittent injections on a media company that serves many major news outlets. This media company serves
    content via Javascript to its partners," Proofpoint said in a Twitter post. Read more

    Hackers hijack adult websites to infect victims with malware


    Fake Google Chrome update download could steal all your data


    Check out the best endpoint protection services right now

    "By modifying the codebase of this otherwise benign JS, it is now used to deploy SocGholish."

    Proofpoint also said that SocGholish can be used to launch stage-two attacks, which could include ransomware infections, as well. It seems to be speaking from experience here, as Evil Corp, an infamous Russia-based threat actor, is known for using SocGholish in similar campaigns. It once even tried to deploy its WastedLocker ransomware, but was thwarted by Symantec.

    In this particular situation, it seems that the attack is the work of a group tracked as TA569.

    "The situation needs to be closely monitored, as Proofpoint has observed
    TA569 reinfect the same assets just days after remediation," the researchers warned. Here's our rundown of the best firewalls available today

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/hundreds-of-us-news-sites-hacked-to-send-out-ma lware/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)