Fakeupdates

Malware updated a month ago (2024-11-29T14:35:19.109Z)
FakeUpdates, a malicious software (malware), has become increasingly prevalent in recent years. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user, and can disrupt operations, steal personal information, or hold data hostage for ransom. In 2022, an investigation by Sucuri and Avast observed compromised websites delivering the FakeUpdates downloader (also known as SocGholish) to unsuspecting visitors. This JavaScript-based loader primarily targets Microsoft Windows environments and has been used to deliver AsyncRAT and the legitimate open-source project BOINC.

The malware's impact has been significant. As of last month, it was reported that FakeUpdates affected 3% of organizations worldwide, making it one of the three most prevalent malware families, after Qbot and Formbook. At certain points, however, its impact rose to as high as 8%, surpassing other malware families such as Androxgh0st and Phorpiex. The education sector has been particularly hard hit, reflecting the broad reach and destructive potential of this malware.

FakeUpdates has also been implicated in complex cyberattacks. Microsoft reported instances where RansomHub was deployed in post-compromise activity by threat actors tracked as Manatee Tempest, who gained initial access via Mustard Tempest using FakeUpdates/SocGholish infections. Similarly, Huntress researchers observed the JavaScript downloader SocGholish (aka FakeUpdates) delivering the remote access trojan AsyncRAT and the legitimate open-source project BOINC. These incidents underscore the sophisticated tactics employed by cybercriminals and the critical need for robust cybersecurity measures.
Description last updated: 2024-10-17T11:57:11.921Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
Alias: Socgholish (5 votes)
Socgholish is a possible alias for Fakeupdates. SocGholish is a malicious software (malware) that has been significantly prevalent in cyber threats over recent years. In 2022, it was observed being used in conjunction with the Parrot TDS to deliver the FakeUpdates downloader to unsuspecting visitors on compromised websites. By late 2022, Microsof
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Downloader
Malware
JavaScript
Analyst Notes & Discussion
Associated Malware
Qbot (association type: Unspecified; 2 votes)
The Qbot Malware is associated with Fakeupdates. Qbot, also known as Qakbot or Pinkslipbot, is a sophisticated malware that initially emerged in 2007 as a banking trojan. It has since evolved into an advanced strain used by various cybercriminal groups to infiltrate networks and prepare them for ransomware attacks. The first known use of an ITG23

AsyncRAT (association type: Unspecified; 2 votes)
The AsyncRAT Malware is associated with Fakeupdates. AsyncRAT is a malicious software (malware) that infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. It has recently risen to prominence, ra
Source Document References
Information about the Fakeupdates Malware was read from the documents corpus below. This display is limited to 20 results.
Source (created):
Checkpoint (3 months ago)
Securityaffairs (3 months ago)
Securityaffairs (4 months ago)
DARKReading (a year ago)
Securityaffairs (5 months ago)
Securityaffairs (5 months ago)
Checkpoint (6 months ago)
CERT-EU (a year ago)
Checkpoint (a year ago)
CERT-EU (9 months ago)
CERT-EU (9 months ago)
CERT-EU (9 months ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
Checkpoint (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (2 years ago)