
Attempted FAKEUPDATES Infection Blocked by DeepSeas

Summary

In early October 2024, DeepSeas blocked an attempted download of FAKEUPDATES / SocGholish malware at a client in the healthcare industry. The victim was redirected from a website owned by a healthcare organization in Michigan to edveha[.]com, a site known for hosting FAKEUPDATES / SocGholish malware. It is possible that the intended site was unintentionally hosting an advertisement or pop-up claiming that the victim’s browser required an update. When the victim clicked the ad, it attempted to download the malware.


Background

FAKEUPDATES is a pervasive malware that infects systems and allows malicious actors to harvest credentials, move laterally, or infect devices with additional malware.

FAKEUPDATES Actions

Because this malware was hosted on a healthcare-related site and the incident involved a healthcare organization, the DeepSeas cyber threat intelligence crew has included IOCs related to FAKEUPDATES / SocGholish for network defenders to scan for potential infections.
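As an added example (not DeepSeas code), the following script shows how a defender could scan web proxy logs for the one indicator this post names, edveha[.]com, and report the referring site so the page that redirected the user can be identified. The log layout, client addresses and site names are constructed assumptions for illustration.

```python
import re

# Indicator from the post, kept defanged; refanged only at match time.
FAKEUPDATES_IOCS = {"edveha[.]com"}

def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'edveha[.]com' into a matchable hostname."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").lower()

# Assumed (hypothetical) proxy log layout: timestamp client status method url "referer"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<status>\d{3}) (?P<method>[A-Z]+) '
    r'(?P<url>\S+) "(?P<referer>[^"]*)"$'
)

def host_of(url: str) -> str:
    """Extract the lowercase hostname from a URL, or '' if there is none."""
    m = re.match(r'^[a-z][a-z0-9+.-]*://([^/:]+)', url, re.I)
    return m.group(1).lower() if m else ""

def scan_proxy_log(lines, iocs=FAKEUPDATES_IOCS):
    """Return one record per request whose destination host is a known IOC.

    Each record carries the referring host, which is the site that sent the
    user to the malware host (the compromised page in this post's scenario),
    and whether the proxy already blocked the request (HTTP 403 assumed).
    """
    hosts = {refang(i) for i in iocs}
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        dst = host_of(m["url"])
        if dst in hosts:
            hits.append({
                "time": m["ts"],
                "client": m["client"],
                "ioc": dst,
                "referer": host_of(m["referer"]) or "(none)",
                "blocked": m["status"] == "403",
            })
    return hits

# Constructed sample traffic, not real log data; the clinic hostname is a placeholder.
SAMPLE_LOG = [
    '2024-10-02T14:03:11Z 10.20.30.40 200 GET https://clinic.example.org/news "https://www.example.com/"',
    '2024-10-02T14:03:12Z 10.20.30.40 403 GET https://edveha.com/update "https://clinic.example.org/news"',
    '2024-10-02T14:05:50Z 10.20.30.41 200 GET https://cdn.example.net/lib.js "https://clinic.example.org/news"',
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Feeding real proxy exports through `scan_proxy_log` with the full IOC list from this post surfaces both the clients that reached the malware host and the legitimate site that referred them.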

This post was provided by the DeepSeas cyber threat intelligence crew.