
SocGholish Malware: Rapid Detection and Removal


SocGholish is JavaScript-based malware delivered through drive-by social engineering: compromised websites present fake software and browser update prompts that lure victims into downloading the malicious payload. Once a victim runs the downloaded file, the infection gives the attackers a foothold that is used to rapidly deploy ransomware (e.g., LockBit).

Rapid detection and complete remediation of SocGholish is critical to stop attackers from turning that initial foothold into a full intrusion of the victim organization. In recent months, eSentire identified a significant increase in SocGholish incidents that progressed to a hands-on intrusion phase in as little as 10 minutes after the initial infection.

In this video, Spence Hutchinson, Staff Threat Intelligence Researcher, discusses how our Threat Response Unit (TRU) detected and responded to cyberattacks that leverage SocGholish.
