Beware of these US news websites! They are spreading malware

As many as 250 US news websites have been compromised, and they are being used to spread malware to your phones and systems.

By: HT TECH
| Updated on: Nov 03 2022, 19:22 IST
Here is all you need to know about the SocGholish JavaScript malware attack that is being spread via hundreds of US news websites. (Pixabay)

If you love reading news, especially the kind available in the US, then BEWARE! These US news websites are being used by hackers to spread malware to your phones and systems. Several new techniques are being used to spread malware. As per the latest details, the compromised infrastructure of an undisclosed media company is being used to deploy the SocGholish JavaScript malware (also known as FakeUpdates) on the websites of hundreds of newspapers across the United States (US); the last count was 250. Threat Insight reported this on its Twitter handle, saying, "Proofpoint Threat Research has observed intermittent injections on a media company that serves many major news outlets. This media company serves content via #Javascript to its partners. By modifying the codebase of this otherwise benign JS, it is now used to deploy #SocGholish."

The threat actor behind this supply-chain attack has been identified as TA569, according to Proofpoint's Threat Insight team. "We track this actor as #TA569. TA569 historically removed and reinstated these malicious JS injects on a rotating basis. Therefore the presence of the payload and malicious content can vary from hour to hour and shouldn't be considered a false positive," it tweeted.

Proofpoint further observed that TA569 has inserted malware in the assets of the media company, which are used by multiple news organizations. More than 250 regional/national newspaper sites have been infected by the code. The actual number of impacted hosts is known only by the impacted media company.

The impacted media organizations serve Boston, New York, Chicago, Miami, Washington DC, Cincinnati, Palm Beach, and other national news outlets. Also, according to a report by BleepingComputer, Sherrod DeGrippo, VP of threat research and detection at Proofpoint, said, "The media company in question is a firm that provides both video content and advertising to major news outlets. [It] serves many different companies in different markets across the United States."

Proofpoint has previously observed that SocGholish campaigns use fake updates and website redirects to infect users, in some cases delivering ransomware payloads.

First Published Date: 03 Nov, 18:39 IST