International law enforcement agencies have carried out a major operation against the infrastructure of the SocGholish malware, as part of the initiative known as “Operation Endgame,” targeting one of the key components of global cybercrime. According to Dutch authorities, 14,971 compromised websites were cleaned during the operation, while 106 servers and domains used by the criminal network were taken offline. The action was conducted by authorities from the Netherlands, the United States, Canada, and Germany, with support from Europol and Eurojust. SocGholish, also known as “FakeUpdates,” is a malware strain distributed through fake browser update notifications. Attackers compromise legitimate websites, primarily those built on WordPress, and present visitors with deceptive messages encouraging them to download a fraudulent software update. Once installed, the malware provides criminals with an initial foothold on the victim’s system, allowing them to deploy additional malware, including ransomware. Investigators have revealed that credentials linked to approximately 1.4 million websites have been exposed, making them potentially vulnerable to future compromise. As a result, WordPress site owners have been urged to change passwords, enable multi-factor authentication (MFA), and keep their systems regularly updated. SocGholish is widely used as an initial access mechanism for more sophisticated cyberattacks. The malware has been linked to the notorious Russian cybercrime group Evil Corp and has served for years as an entry point for ransomware campaigns and other forms of cybercrime. Authorities emphasized that the operation represents only the first phase of actions against the SocGholish network and warned that investigations will continue in an effort to identify and prosecute those responsible.