logo

Nearly 15,000 infected websites cleaned in SocGholish crackdown

ID: a213d63a-1c29-56a7-afef-b243f244ab01

STIX ID: report--a213d63a-1c29-56a7-afef-b243f244ab01

Feed Name: Security Boulevard

Threat Score
70/100

Date Published: 2026-06-19

Date Updated: 2026-06-20

Author: Malwarebytes

...
...

International law enforcement (Operation Endgame) disrupted the SocGholish/FakeUpdates malware operation—linked to Evil Corp—by taking down 106 servers/domains and cleaning 14,971 infected WordPress sites that were redirecting visitors to fake update prompts which installed backdoors commonly used to deploy ransomware; investigators also discovered exposed credentials for ~1.4 million WordPress sites and removed malware/backdoors while notifying affected owners.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.