RomCom Malware Targets Engineering Firm via SocGholish

Cyber Security News by CyberSum.net
The RomCom malware family, known for both espionage and cybercrime activity, has been delivered to a civil engineering company through the SocGholish JavaScript loader. This is the first observed case of SocGholish, which is run by a financially motivated operator, distributing RomCom. The attack has been attributed to a military unit. Victims were shown fake browser update alerts that tricked them into downloading malicious JavaScript; the infection chain then deployed a custom Python backdoor and a RomCom-linked DLL loader. The case is notable because an opportunistic cybercrime loader was used to deliver a targeted military espionage payload. For defenders, the practical consequence is that a SocGholish infection cannot be triaged as a commodity cybercrime event alone; it may be the first stage of a targeted intrusion.