RomCom Malware’s Hilarious Debut: SocGholish Delivers Malware in a New Comedic Twist!

For the first time, a RomCom payload has been delivered via SocGholish, marking a new chapter in malware distribution. Arctic Wolf Labs observed this peculiar cyber romcom unfold, targeting a U.S. civil engineering firm. With RomCom’s pro-Russia agenda, it’s clear that even malware has a type.

Hot Take:

It looks like cybercriminals have traded in their classic espionage for some romantic comedy—RomCom malware, that is. With SocGholish as their Cupid, they’re delivering payloads faster than you can say “You’ve Got Mail!” Who knew malware could have such a sense of humor?

Key Points:

  • RomCom malware makes its debut via SocGholish, targeting a U.S. civil engineering firm.
  • SocGholish uses fake browser updates to trick users into downloading malware.
  • RomCom aligns with Russian interests, targeting entities linked to Ukraine.
  • Infection progresses from JavaScript to PowerShell reconnaissance before loader deployment.
  • The attack is linked to Russia’s GRU Unit 29155, a group notorious for cyber-espionage.

The Nimble Nerd