#gh0st-rat

[ follow ]
#dragon-breath #roningloader #nsis-trojanized-installers #evasion-techniques #log-poisoning #phpmyadmin
Information security
fromThe Hacker News
5 days ago

Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT

Dragon Breath uses a multi-stage RONINGLOADER delivered via trojanized NSIS installers to deploy a modified Gh0st RAT while employing extensive evasion techniques.
Information security
fromThe Hacker News
1 month ago

Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave

Threat actors used log poisoning on exposed phpMyAdmin to deploy PHP web shells, ANTSWORD and Nezha, ultimately delivering Gh0st RAT to over 100 hosts.
fromThe Hacker News
2 months ago

HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks

Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware. "The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites," Fortinet FortiGuard Labs researcher Pei Han Liao said. "By using convincing language and small character substitutions, they tricked victims into visiting spoofed pages and downloading malware."
Information security
[ Load more ]