Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

RansomHub taps SocGholish: WebDAV and SCF exploits fuel credential heists

(Image by Werner Moser from Pixabay)

By Aman Mishra

SocGholish, a notorious loader malware, has evolved into a critical tool for cybercriminals, often delivering payloads like Cobalt Strike and, more recently, RansomHub ransomware.

Darktrace’s Threat Research team has tracked multiple incidents since January 2025, where threat actors exploited SocGholish to compromise networks through fake browser updates and JavaScript-based attacks on vulnerable CMS platforms like WordPress.

By injecting malicious scripts into HTML or external resources of legitimate websites, attackers redirect unsuspecting users to counterfeit update pages, tricking them into downloading ZIP files containing SocGholish loaders.

Read more at GB Hackers

Click to listen highlighted text!