logo

Nearly 15,000 infected websites cleaned in SocGholish crackdown

ID: af795ad3-c46e-5977-a691-be3983b2011f

STIX ID: report--af795ad3-c46e-5977-a691-be3983b2011f

Feed Name: Malwarebytes Blog

Threat Score
70/100

Date Published: 2026-06-19

Date Updated: 2026-06-20

...
...

Operation Endgame disrupted the SocGholish (FakeUpdates) malware ecosystem by taking down 106 servers/domains, cleaning 14,971 infected WordPress sites, and uncovering exposed credentials for roughly 1.4 million WordPress sites; the campaign, linked to Evil Corp, used compromised websites to push fake updates that installed backdoors often used to deploy ransomware. Authorities removed malware/backdoors, notified site owners, and recommended updating WordPress, enabling MFA, and changing passwords.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.