SocGholish, also known as FakeUpdates, is a type of malware that disguises itself as a legitimate software update, often using social engineering tactics to trick users into downloading and installing it. Written in JavaScript and is distributed through malicious or compromised websites. It uses fake software updates, such as browser updates or Flash updates, to trick users into downloading the malware. Once installed, it can lead to various malicious activities such as data theft, unauthorized access, and more.

Identifying SocGholish Malware

  • Unexpected Pop-ups: Watch for pop-ups that prompt you to update software like Adobe Flash Player or your web browser, especially if these pop-ups appear on sites where you wouldn’t expect them.
  • Performance Issues: Notice any unusual slowdowns, crashes, or other performance issues on your system.
  • New and Unwanted Programs: Check for unfamiliar programs or applications that you don’t remember installing.
  • Suspicious Network Activity: Monitor network traffic for unusual activity or connections to unknown servers.
  • Antivirus Alerts: Pay attention to alerts from your antivirus software, especially those related to unauthorized changes or new programs.

How to Handle SocGholish Malware

  • Disconnect from the Internet: To prevent further communication with command and control servers, disconnect your computer from the internet.
  • Boot into Safe Mode: Boot your computer into Safe Mode to prevent the malware from running during startup. The process varies slightly depending on the operating system:
    • For Windows: Restart your computer and press F8 (or Shift + F8) before Windows starts to load. Select “Safe Mode with Networking” from the Advanced Boot Options menu.
    • For macOS: Restart your Mac and hold down the Shift key immediately after you hear the startup sound. Release the Shift key when you see the Apple logo.

Use Malware Removal Tools

Download and run reputable anti-malware software to scan and remove SocGholish malware. Here are a few recommended tools:

  • Malwarebytes: Known for its effectiveness in detecting and removing malware.
  • HitmanPro: Another good tool for detecting and removing malware.
  • AdwCleaner: Useful for removing adware and potentially unwanted programs (PUPs).

Steps to Scan:

  • Download and install the anti-malware software.
  • Update the software to the latest version.
  • Run a full system scan and follow the prompts to remove any detected malware.

Manual Removal (Advanced Users)

  • If the malware persists, you might need to manually identify and remove malicious files and registry entries. This process is risky and should only be attempted by advanced users:

  • Windows:

  • Open Task Manager (Ctrl + Shift + Esc) and look for suspicious processes.

  • Open File Explorer and navigate to common malware locations like C:\Program Files, C:\Program Files (x86), and C:\Users\[Your Username]\AppData.

  • Check the Windows Registry for suspicious entries by typing regedit in the Run dialog (Win + R). Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and look for unusual entries.

  • macOS:

  • Open Activity Monitor from the Utilities folder and look for suspicious processes.

  • Navigate to the Applications and Library folders to find and remove suspicious files.

Reset Browser Settings

Since SocGholish often targets browsers, reset your browser settings to default.

  • Google Chrome

Go to Settings > Advanced > Reset and clean up > Restore settings to their original defaults.

  • Mozilla Firefox

Go to the menu (three lines) > Help > Troubleshooting Information > Refresh Firefox.

  • Microsoft Edge

Go to Settings > Reset settings > Restore settings to their default values.

Updates

Ensure that your operating system, browsers, and all other software are up to date with the latest security patches.

Change Passwords

After removing the malware, change all your passwords, especially those for sensitive accounts.

Monitor for Residual Issues

Keep an eye on your system for any signs of residual infection. Regularly scan your computer with updated antivirus software.

Preventing Future Infections

  • Avoid Clicking on Suspicious Links: Be cautious with links and attachments in emails, especially from unknown sources.
  • Keep Software Updated: Regularly update your operating system, browsers, and other software to patch vulnerabilities.
  • Use Reputable Security Software: Install and maintain reputable antivirus and anti-malware software.
  • Educate Yourself and Others: Stay informed about the latest cyber threats and educate others about safe online practices.