For the first time, a RomCom payload has been observed being distributed via SocGholish

20:13 - 26 Nov 2025

securityaffairs.com

RomCom malware used the SocGholish fake update loader to deliver Mythic Agent to a U.S. civil engineering firm. In September 2025, Arctic Wolf Labs observed RomCom threat actors delivering the Mythic Agent via SocGholish to a U.S. company. The researchers noticed that the payload executed about 10 minutes after initial exploitation, marking the first time […]

https://securityaffairs.com/185084/security/for-the-first-time-a-romcom-payload-has-been-observed-being-distributed-via-socgholish.html

Article info:

Full Article URL: https://securityaffairs.com/185084/security/for-the-first-time-a-romcom-payload-has-been-observed-being-distributed-via-socgholish.html
Textarea URL (this page):
https://textarea.nl/i/eNo9il0KwzAIgE9ks8EGZbcxialCUovaQm-_PPXx--GIw38pOZXTJG5sDcV8KTrSe_2-1s-TUlODYII2h4CQQYBgOuYLB95dsQKjQybaQbOTXVQnyb5BFQ-TfMY0lyC4lo21i_PCMfofNdQyeg==_2025-11-26
Source: http://securityaffairs.co/wordpress/feed
Security Affairs: https://securityaffairs.co
Publication date: 2025-11-26 20:13:30
Last retrieval: 2025-11-29 11:45:18.236286