Cybercriminal group TA569 has modified and deployed malicious JavaScript code into hundreds of websites that are pushing the SocGholish malware onto machines that access them. According to Proofpoint, TA569 was able to compromise a media company that delivers content to these websites.
Proofpoint assessed that 250 U.S. websites are distributing the SocGholish malware through a compromised JavaScript code. These include major national and regional newspaper websites hailing from Boston, New York, Chicago, Miami, Washington, DC; Cincinnati, Palm Beach, etc., that accessed said code owned by a media company.
“The actual number of impacted hosts is known only by the impacted media company,” Proofpoint said. Leveraged across 98% of websites currently, JavaScript enjoys near ubiquity, forming the backbone of how content is delivered on the world wide web. The programming language is the latest tool that threat actors are using to distribute the five-year-old malware.
“SocGholish, or ‘TA569’ has spread malware in various ways over the years ranging from websites running vulnerable versions of WordPress and Drupal, QNAP Worms like Raspberry Robin, and…
