Hackers injected malicious code into more than 250 major news sites

by James · November 5, 2022

If you’re online, you’re a target for hackers. No one is truly safe, but carelessness and lack of awareness make you more vulnerable to malware, hacks and scams.

Browsing websites and downloading files is part of the online experience, but you need to be careful. How do you know what is safe? Tap or click here for an online tool that checks websites and files for digital threats before they are opened.

No newspaper can keep up with minute-to-minute delivery of news pages. Millions of people visit these sites daily, making them a prime target for hackers. And that is what is happening now. Read on for details and what to watch out for.

Table of Contents

Be careful where you get your news

Cybersecurity researchers at Proofpoint announced via Twitter that threat actors compromised a media company that delivers video content and ads to hundreds of major news outlets.

Proofpoint Threat Research has observed intermittent injections at a media company that serves many major news outlets. This media company serves content via # Javascript to their partners. By modifying the codebase of this otherwise benign JS, it is now used to deploy #SocGholish.

— Threat Insight (@threatinsight) 2 November 2022

The hackers behind this attack, which Proofpoint calls TA569, injected malicious code into a Javascript file that was loaded by the news organizations’ websites. More than 250 regional and national newspaper sites have gained access to the malicious Javascript, which has existed since 2018 and is known as SocGholish.

The media organizations concerned serve, among other things, the following areas:

Boston.
New York.
Chicago.
Miami.
Washington DC.
Cincinnati.
Palm beach.

Visitors to the compromised sites receive software updates for Chrome, Firefox, Internet Explorer, Edge or Opera. Downloading the fake updates can infect your computer with malware and ransomware or redirect you to malicious websites.

RELATED: Check your phone! Malware apps with millions of downloads detected

How to stay safe

If you see a pop-up asking you to download something, ignore it. If you want to update a device or application, do it directly through the app or website.

Here are some more tips to avoid becoming a victim of fraud:

Protect your information — Never give out personal information if you do not know the sender of a text message or email or cannot verify their identity. Criminals only need your name, email address and phone number to scam you.
Always use 2FA — Use two-factor authentication (2FA) for better security when available. Tap or click here for details on 2FA.
Always update — Keep your devices and apps up to date with the latest software to protect against security threats. But make sure you get the updates through official sources. Not random pop-up notifications from news websites.
Feeling of urgency — Here’s a red flag: Any message asking you to “act now!” or makes you feel rushed and anxious. That’s exactly what the scammers want you to feel.
Avoid links and attachments — Do not click on links or attachments you receive in unsolicited e-mails or text messages. They can be harmful and infect your device with malware and/or steal sensitive information.
Antivirus is important — Always have a reliable antivirus program up to date and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for just $19 at ProtectWithKim.com. That’s over 85% off the regular price!