Finding a trusted source just became even more difficult, with more than 250 US news sites putting their viewers at risk after becoming infected with a type of malware known as SocGholish.
Visitors to the websites, which include major national publications and regional sites across New York, Boston, and Washington D.C., were encouraged to download the malware through a fake browser update.
The distribution campaign was discovered by the security firm Proofpoint last week and is currently understood to be under control. However, with the online threat reemerging since it was stamped out by the team, exercising caution when browsing news stories is still very much advised.
Hundreds of US News Sites Have Been Compromised
Thanks to the work of the cybersecurity firm Proofpoint, a widespread malware distribution campaign that targeted an undisclosed media company has now been uncovered.
According to the researchers, over 250 online publications were hijacked by cybercriminals to deliver the SocGholish JavaScript malware — otherwise known as FakeUpdates. The bad actors, which are believed to originate from Russia, infected the benign JavaScript code that the sites used to deliver content to their viewers.
“The media company in question is a firm that provides both video content and advertising to major news outlets. [It] serves many different companies in different markets across the United States.” – Researchers from Proofpoint
Once the code was corrupted, website visitors were prompted to download fake software updates. In this specific malware campaign, they were in the form of Chrome, Firefox, Internet Explorer, Edge, and Opera Updates.
At the time of writing, the compromised systems only seemed to contain malware samples. However, researchers from Proofpoint claim that this type of malware can be used to launch stage-two attacks that could also include ransomware infections.
The cybersecurity firm claims that while the attack is under control, the “situation needs to be closely monitored” as the malicious code was found to reinfect the same sites just days after the situation was first rectified.
How To Stay One Step Ahead of the Hackers
Cybercriminals are coming up with cunning new ways to outwit victims every day. This means that standard internet safety practices are no longer comprehensive enough to protect individuals and businesses from emerging threats.
If you’re serious about outsmarting malicious actors, we recommend using a number of measures in unison. Your first barrier of defense should be a strong password. This code should be at least 10 characters long and contain a mixture of numbers and special characters. And don’t worry, with a good password manager you won’t have to commit this code to memory.
The use of antivirus software and virtual private networks (VPNs) is another simple yet effective way to keep you and your business safe. By implementing these quick fixes, while practicing cyber diligence online, the chance of you falling victim to attacks will be significantly reduced.