More than 250 newspaper sites across the US access malicious JavaScript in malware supply-chain attack

A threat actor known as TA569 by security experts at Proofpoint have created malicious JavaScript and distributed it to more than 250 regional and national newspaper sites in the US in a malware supply-chain attack

A large number of U.S. news sites have been infected with SocGholish JavaScript malware framework (known as FakeUpdates) due to the compromised infrastructure of an undisclosed media firm.

Security experts at enterprise security firm Proofpoint says 250 U.S. news sites have been infected by the malware.

The threat actor behind the supply-chain attacks (tracked by Proofpoint as TA569) injected malicious code into a benign JavaScript file and then gets loaded by the news outlets’ websites.

In a tweet thread, the Threat Insight unit said the media company that was serving as the host for this malicious code served content to its partners using JavaScript.

The affected media organisations served:

Boston
New York
Chicago
Miami
Washington DC
Cincinnati
Palm Beach

VP of threat research and detection at Proofpoint Sherrod DeGrippo, says the media company in affected is a firm that provides video and advertising content to major news outlets.

TA569 historically removed and reinstated these malicious JS [JavaScript] injects on a rotating basis. Therefore the presence of the payload and malicious content can vary from hour to hour and shouldn’t be considered a false positive.” says Proofpoint.

According to the firm Red Canary SocGholish is an initial access threat that leverages drive-by-downloads masquerading as software updates.

In a post about the threat the firm said SocGholish relies on social engineering to gain execution, tricking unsuspecting users into running a malicious JavaScript payload stored within a downloaded ZIP file.

Those who visit compromised websites may be infected with malware payloads disguised as fake browser updates delivered as ZIP archives.

Examples of the devlivered ZIP archives as a result of the malicious JavaScript file are:

Chromе.Uрdatе.zip
Chrome.Updаte.zip
Firefoх.Uрdatе.zip
Operа.Updаte.zip
Oper.Updаte.zip

SocGholish, recently used to backdoor networks infected with the Raspberry Robin malware was recently used in what Microsoft described as Evil Corp pre-ransomware behavior.

Tech Business News

More than 250 newspaper sites across the US access malicious JavaScript in malware supply-chain attack

Leave a Reply Cancel reply

Tech Articles

The Internet’s Best Blogs Didn’t Vanish — They Were Stripped for Parts by SEO Parasites

The Big Tech Companies Actually Winning In 2026 — And Numbers That Prove It

The Consumers Driving Global E-Commerce Growth Are Closer to Australia Than Many Businesses Think

Recent News

CSIRO R&D program tackles growing threat of cyber attacks facing Australian businesses

Recommendations for Log4j Mitigation

Medibank confirms its customer data has been stolen by hackers.

ChatGPT About To Set A Fire Under An Already Bubbling-Hot Cyber Threat Landscape

Tech Business News

In 2026, technology news is shaping business outcomes faster than ever—driven by AI adoption, rising cyber risk, cloud modernisation, data regulation, and constant platform change.

Tech News keeps Australian organisations and industry professionals informed with timely reporting and practical coverage across AI, cybersecurity, cloud, enterprise IT, startups, science, people and business, plus major world and local news impacting the tech sector.

Tech Business News publishes news and analysis designed to be clear, relevant, and easy to act on. It supports the industry with technology news reports, whitepaper publishing services, and a range of media, advertising and publishing options

About

Contact

Tech News