Listen to the episode
TLDR
Operation Endgame dismantled the SocGholish (FakeUpdates) framework, which hijacked ~15,000 legitimate WordPress sites to serve convincing fake browser and software update prompts to everyday visitors. Anyone browsing trusted local...
How it works
Operation Endgame dismantled the SocGholish (FakeUpdates) framework, which hijacked ~15,000 legitimate WordPress sites to serve convincing fake browser and software update prompts to everyday visitors. Anyone browsing trusted local...
Red flags
- A pop up urging you to "update Chrome / Flash / your browser" while browsing a normal business site
- Being redirected to an unfamiliar download page after clicking a link on a trusted site
- The update is an .exe or .msi file, not delivered through your normal browser/OS updater. What to do
- Never install updates prompted by a website. Update Chrome, Firefox, Edge, and OS only via their built in updaters or official vendor pages
- Enable automatic updates for your browser, OS, and plugins; uninstall obsolete components like Flash or Java
What to do
- 1Never install updates prompted by a website.
Source
malwarebytes
Source reviewed by Mythos Forensic Team
https://www.malwarebytes.com/blog/news/2026/06/nearly-15000-infected-websites-cleaned-in-socgholish-crackdownFAQ
Is SocGholish fake update scam disrupted: nearly 15000 hacked WordPress sites cleaned a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
A pop up urging you to "update Chrome / Flash / your browser" while browsing a normal business site; Being redirected to an unfamiliar download page after clicking a link on a trusted site; The update is an .exe or .msi file, not delivered through your normal browser/OS updater. What to do
What should I do first?
Never install updates prompted by a website.
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.