Tag: Gh0st RAT

  • China-Linked Hackers Weaponize Nezha Monitoring Tool and Log Poisoning to Deploy Gh0st RAT on 100+ Systems

    In August 2025, researchers from Huntress observed a cyberattack involving the abuse of the legitimate server-monitoring tool Nezha, which was originally designed for system performance tracking. During the campaign, threat actors — allegedly linked to China — repurposed Nezha as a remote administration and malware delivery platform for deploying the notorious Gh0st RAT. The attack…

  • The Silent Threat: How SEO Poisoning Spreads Malware

    Chinese-language users became the target of a new SEO poisoning campaign that spread malware through counterfeit download sites for popular applications. Fortinet’s FortiGuard Labs reports that threat actors elevated malicious pages in Google results by abusing SEO plugins and registering domains nearly indistinguishable from the bona fide services. By making only minimal character substitutions and…

  • Silver Fox Unleashes Sainbox RAT & Hidden Rootkit Via Fake Software Installers

    The Chinese hacker collective known as Silver Fox, also operating under the alias Void Arachne, has once again drawn the attention of cybersecurity experts. According to Netskope, a new malicious campaign has been uncovered in which attackers craft counterfeit websites mimicking popular software platforms—such as WPS Office, Sogou, and DeepSeek—in order to infect users’ systems…

  • Malwarebytes Exposes Malicious Google Ads Campaign Targeting Chinese Speakers

    Security experts from Malwarebytes have recently uncovered a malicious campaign targeting Chinese-speaking users, who fell victim to cybercriminals through the Google Ads advertising service. Cybercriminals exploited Google advertiser accounts to create fraudulent ads that redirected users to web pages from which a Remote Access Trojan (RAT) was downloaded. This program allows attackers to gain complete…