MDNC | Malware don't need Coffee
SocGholish
- FakeUpdates
References:
Fake Flash Player update delivers Net Support RAT
- 2017-12-20 - BroadAnalysis -
Broad Analysis
SocGholish
Fake Software Update Abuses NetSupport Remote Access Tool
- 2018-04-05 - FireEye -
Sudhanshu Dubey
js-GhoLoader
SocGholish
"FakeUpdates" campaign leverages multiple website platforms
- 2018-04-10 - Malwarebytes -
Jérôme Segura
SocGholish
js-GhoLoader
Chthonic
More Reading:
2018-03-27 - FAKE CHROME, FIREFOX, OR FLASH UPDATE PAGES PUSH JS MALWARE
- 2018-03-27 - Malware-Traffic-Analysis -
Brad Duncan
SocGholish
js-GhoLoader
Deep Analysis of Queryn Campaign
- 2018-07-10 - Github -
Koike
js-GhoLoader
SocGholish
Fake Updates campaign still active in 2019
- 2019-02-12 - SANS ISC -
Brad Duncan
SocGholish
Chthonic
js-GhoLoader
2019-06-24 - Still finding #FakeUpdates traffic similar to Feb 2019 [...] Still seeing #Chthonic banking Trojan as the final payload
- 2019-06-27 - Twitter -
Brad Duncan
SocGholish
Chthonic
Head Fake: Tackling Disruptive Ransomware Attacks
- 2019-10-01 - FireEye -
Bryce Abdo - Brandan Schondorfer - Kareem Hamdan - Kimberly Goody - Noah Klapprodt - Matt Bromiley
BitPaymer
SocGholish
Dridex
Chthonic
AZORult
Spanish consultancy Everis suffers BitPaymer ransomware attack: a brief analysis
- 2019-11-06 - Blueliv -
Blueliv Labs team - Jose Miguel Esparza
Dridex
SocGholish
Empire