SocGholish malware downloader hijacking WordPress sites

Malware Activity
Happening score: 53
1 unique source, 1 article

Summary

SocGholish is a long-running JavaScript-based malware downloader that hijacks legitimate WordPress sites to push fake browser updates, creating a persistent path for infecting visitors and delivering follow-on payloads. The activity has been used since at least 2017 and is linked to Evil Corp. Once installed, the malware can give attackers access and stage additional malware families.

Related Happenings

Operation Endgame takedown of SocGholish and Evil Corp infrastructure

Law Enforcement
H score 54 · First: 18.06.2026 16:25 · Last: 18.06.2026 16:25 · Sources: 1

How related: International law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish botnet and the Evil Corp Russian cybercrime group.

About this happening: International law enforcement **cleaned 14,971 WordPress sites** and **took 106 servers and domains offline** in a coordinated **takedown** of **SocGholish** infrastructure linked...

Timeline

  1. 18.06.2026 16:25 · 2 articles · 1h ago

    Law enforcement cleans 14,971 SocGholish-infected WordPress sites

    Industry Or Public Sector Update

    Authorities from the Netherlands, Canada, the United States, and Germany removed SocGholish malware from 14,971 compromised WordPress websites and took 106 servers and domains offline as part of Operation Endgame, a Europol- and Eurojust-supported effort targeting the infection chain linked to Evil Corp.