An undisclosed media organization serving Boston, New York, Chicago, Miami, and other major cities has been hit by cybercriminals who are deploying malware on more than 250 newspaper websites, Proofpoint Threat Research reported on Twitter.
Proofpoint has identified the bad actor as TA569. The attack vector injects malicious code into a benign JavaScript file that in turn is picked up and installed to the websites of affected news outlets.
The affected file then installs SocGholish, and anyone who visits the attacked websites will encounter fake browser updates filled with hidden malware payloads.
The media company in question supplies video content and advertising to major news outlets via JavaScript.
For more information on SocGholish, also known as FakeUpdates, and other malware attacks, Proofpoint offered this threat insight in June 2021.
