SocGholish is an initial access threat that uses drive-by downloads disguised as software updates. The "Soc" part of its name refers to social engineering, which is the primary technique used to deploy this malware. SocGholish has been active since April 2018 and is linked to a suspected Russian cybercrime group sometimes identified as Evil Corp or Indrik Spider.

A SocGholish attack takes place when an unsuspecting user visits a compromised website. The site is presented in such a way that the user is lured into downloading a ZIP file and executing the payload. This typically occurs by displaying content that tells the user their device requires some sort of update, such as a browser update.
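A defender can triage browser-downloaded ZIP files for the pattern described above. The following is an added example, not code from the original page or from any vendor tool. The function names, the list of launchable extensions and the lure keywords are assumptions chosen for illustration, and the sample archive is constructed in memory.

```python
import io
import os
import re
import zipfile

# Assumption: file types Windows launches on double-click. The page does not
# name the payload type, so this list is illustrative, not an indicator set.
LAUNCHABLE = {".js", ".jse", ".vbs", ".wsf", ".hta", ".lnk",
              ".exe", ".scr", ".bat", ".cmd", ".ps1", ".msi"}
# Assumption: words typical of an update-themed lure.
LURE = re.compile(r"update|upgrade|installer|browser|chrome|firefox", re.I)


def triage_zip(zip_name, zip_bytes):
    """Classify a browser-downloaded ZIP: benign, review, suspicious or error."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return {"verdict": "error", "reasons": ["not a valid ZIP archive"]}

    reasons = []
    launchable = [n for n in names
                  if os.path.splitext(n)[1].lower() in LAUNCHABLE]
    if launchable:
        reasons.append("launchable member(s): " + ", ".join(launchable))
    lure_named = [n for n in [zip_name] + names if LURE.search(n)]
    if lure_named:
        reasons.append("update-themed name(s): " + ", ".join(lure_named))

    # A launchable file alone merits review; combined with an update-themed
    # name it matches the lure described above.
    if launchable and lure_named:
        verdict = "suspicious"
    elif launchable:
        verdict = "review"
    else:
        verdict = "benign"
    return {"verdict": verdict, "reasons": reasons}


def make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    sample = make_zip({"Update.js": b"// constructed placeholder, not malware"})
    print(triage_zip("Browser.Update.zip", sample))
```

The check only reads the archive's member names and never extracts or executes anything, so it can run on a mail or proxy gateway as well as on an endpoint.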

This video talks about what SocGholish is, how it works, and ways you can stay ahead of it. Watch the video to learn more—three minutes is all it takes!



© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.