


Perceptive Security
SOC/SIEM Consultancy

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware
Published:
26 November 2025 at 08:28:00
Alert date:
5 December 2025 at 08:03:22
Source:
thehackernews.com

The RomCom threat group has been observed using the SocGholish JavaScript loader, delivered through fake browser-update lures, to drop a Mythic Agent payload. This is the first documented case of a RomCom payload being distributed through SocGholish infrastructure. The attack targeted a U.S.-based civil engineering company and shows the group continuing to change its delivery mechanisms. Arctic Wolf Labs attributed the activity to RomCom with medium-to-high confidence and described it as a significant shift in the group's operational tactics.
This article was created with the assistance of AI technology by Perceptive.