A threat intelligence report from late November detailed the most prevalent cyber threats impacting organizations globally. The analysis highlighted the significant activity of the FakeUpdates malware, also known as SocGholish, which utilized compromised websites to distribute malicious payloads. The report also tracked the continued persistence of well-known malware families like Qbot and Formbook.
FakeUpdates Campaign Leverages Compromised Websites
The FakeUpdates malware dropper was identified as a primary threat during this period. Attackers injected malicious JavaScript code into legitimate websites, particularly those based on WordPress. This code presented visitors with a fake browser update prompt. When users clicked to download the supposed update, they received a malicious ZIP file. This campaign served as an initial access vector for various other malware and post-exploitation frameworks.
Qbot and Formbook Maintain Top Malware Positions
The report confirmed that the infostealer Qbot remained a dominant threat. Qbot is designed to steal user data, including banking credentials, browser information, and keystrokes. It often spreads through spam campaigns containing malicious attachments or links. Formbook, an infostealer targeting the Windows operating system, was also listed among the most prevalent malware families. Formbook is known for its strong evasion techniques and for harvesting credentials from web browsers and collecting screenshots. During this period, the Education and Research sector was the most impacted industry globally.
Source: https://research.checkpoint.com/2025/24th-november-threat-intelligence-report/