SocGholish Delivers AsyncRAT and BOINC
1. SocGholish, a JavaScript downloader, is used to deliver AsyncRAT and the legitimate BOINC project.
2. BOINC, an open-source computing platform, is exploited to connect to C2 servers for data collection and further commands.
3. Malicious installations connect to domains "rosettahome[.]cn" or "rosettahome[.]top", with 10,032 clients connected as of July 15.
4. BOINC is disguised as "SecurityHealthService.exe" or "trustedinstaller.exe" and sets up persistence with a PowerShell script.
5. The use of BOINC for malicious purposes is being investigated by project maintainers, with evidence dating back to June 26, 2024.
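
A defender-side triage sketch for points 3 and 4, added here and not part of the original post: it flags the two disguise filenames when they run outside the standard Windows directories of the genuine binaries, and DNS queries for the two named domains. The event format, host names and sample events are constructed assumptions.

```python
import ntpath

# Domains named in the post, refanged for matching.
C2_DOMAINS = ("rosettahome.cn", "rosettahome.top")

# Assumption: standard Windows locations of the genuine binaries.
LEGIT_DIRS = {
    "securityhealthservice.exe": r"c:\windows\system32",
    "trustedinstaller.exe": r"c:\windows\servicing",
}

def refang(value):
    """Turn a defanged indicator such as rosettahome[.]cn back into a plain name."""
    return value.replace("[.]", ".")

def is_c2_domain(name):
    """True for the listed domains and their subdomains, not for lookalike suffixes."""
    name = refang(name).lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)

def is_masquerade(image_path):
    """True when a disguise filename runs from an unexpected directory."""
    directory, filename = ntpath.split(ntpath.normpath(image_path).lower())
    expected = LEGIT_DIRS.get(filename)
    return expected is not None and directory != expected

def triage(events):
    """Return (host, finding, evidence) tuples for process and DNS events."""
    findings = []
    for ev in events:
        if ev["type"] == "process" and is_masquerade(ev["image"]):
            findings.append((ev["host"], "masquerade", ev["image"]))
        elif ev["type"] == "dns" and is_c2_domain(ev["query"]):
            findings.append((ev["host"], "c2_dns", ev["query"]))
    return findings

# Constructed sample events (hypothetical hosts and paths).
SAMPLE_EVENTS = [
    {"type": "process", "host": "WS-01", "image": r"C:\Windows\System32\SecurityHealthService.exe"},
    {"type": "process", "host": "WS-02", "image": r"C:\Users\alice\AppData\Roaming\example\SecurityHealthService.exe"},
    {"type": "process", "host": "WS-02", "image": r"C:\Users\alice\AppData\Roaming\example\trustedinstaller.exe"},
    {"type": "dns", "host": "WS-02", "query": "rosettahome.top"},
    {"type": "dns", "host": "WS-03", "query": "updates.example.org"},
    {"type": "dns", "host": "WS-04", "query": "notrosettahome.cn"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

A path match alone is a lead, not a verdict; correlate it with the DNS finding on the same host before escalating.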
#socgholish
#asyncrat
#boinc
#roboticssecurity
#cyberthreats
#malware
#cybersecurity
#threatdetection
#infosec
#remoteaccesstrojan
#cyberdefense
#roboticshacking
#cyberattack
#advancedthreats
#cyberrisks