A new phishing campaign attributed to the Chinese hacking group Silver Fox uses fake websites that advertise well-known software to distribute malware such as the Sainbox RAT and the Hidden rootkit. The sites primarily target Chinese-speaking users, as indicated by the language of the malicious MSI installers. Research indicates similarities in tactics to the group's prior campaigns. The ongoing activity fits a pattern of deceptive delivery techniques used to infiltrate systems, and it remains a notable concern for security teams monitoring the group.
"The malware payloads include the Sainbox RAT, a variant of Gh0st RAT, and a variant of the open-source Hidden rootkit," Netskope Threat Labs researcher Leandro Fróes said.
"The malicious MSI installers downloaded from the websites are designed to launch a legitimate executable named 'shine.exe,' which sideloads a rogue DLL 'libcef.dll' using DLL side-loading techniques."
"This is not the first time the threat actor has resorted to this modus operandi."
"In July 2024, eSentire detailed a campaign that targeted Chinese-speaking Windows users with fake Google Chrome sites to deliver Gh0st RAT."