SocGholish: 5+ Years of Massive Website Infections
SocGholish is a JavaScript malware framework that has been in use since at least 2017. It is distributed through a number of malicious sites claiming to provide critical browser updates. In reality, these sites are designed to trick victims into downloading and installing malware — usually in the form of .zip or .js files.
Once an end user has manually decompressed and executed the archive file by double-clicking the contents, various malware which may include remote access trojans (RATs), information stealers, and Cobalt Strike beacons are deployed. All this malware is just an intermediary step for targeted ransomware attacks against corporations and organizations, resulting in major disruptions of business operations and significant financial losses.
The SocGholish infrastructure most likely belongs to a highly sophisticated group analyzed by PRODRAFT in 2020-2021 whom they refer to as SilverFish.
https://blog.sucuri.net/2022/08/socgholish-5-years-of-massive-website-infections.html