Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave
Threat actors used log poisoning on exposed phpMyAdmin to deploy PHP web shells, ANTSWORD and Nezha, ultimately delivering Gh0st RAT to over 100 hosts.
HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks
SEO poisoning campaign uses lookalike software sites and search-ranking manipulation to deliver trojanized installers that install Gh0st RAT variants on Chinese-speaking users.