Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
Cyber Attack Comedy: SocGholish Malware Turns BOINC into a Bad Joke!
SocGholish malware now delivers AsyncRAT and BOINC, an open-source project meant for volunteer computing. Hackers are using compromised websites to trick users into downloading fake browser updates, leading to malicious installations. This misuse of BOINC is under investigation, with 10,032 clients already affected.
Hot Take:
Who knew that in 2024, JavaScript would be less about making our web pages interactive and more about making our computers part of a grand heist scheme? It’s like “Ocean’s Eleven,” but with more code and less George Clooney.
Key Points:
- SocGholish malware is now delivering AsyncRAT and BOINC to unsuspecting users.
- BOINC, an open-source project from UC Berkeley, is being misused to connect to malicious domains.
- 10,032 clients are compromised, acting as potential vectors for ransomware.
- Compromised hosts connect to actor-controlled domains, which could be sold as initial access vectors.
- Check Point highlights the use of compiled V8 JavaScript to bypass static detections.
Already a member? Log in here