Summary: A sophisticated malware campaign has leveraged a vulnerable Windows driver associated with Adlice to deploy Gh0st RAT malware while evading detection through numerous modified driver variants. Attackers utilized a bring your own vulnerable driver (BYOVD) technique to disable endpoint detection and response solutions. The campaign is potentially linked to the Silver Fox APT threat actor, which employs deceptive distribution methods to deliver malware.
Affected: Adlice's Truesight driver and Windows systems on which it can be loaded
Key points:
- Attackers modified the Truesight driver to create multiple undetectable variants while maintaining a valid digital signature.
- The campaign utilizes first-stage malicious samples disguised as legitimate applications, distributed through fraudulent websites and messaging platforms.
- Exploiting an arbitrary process termination vulnerability, the EDR/AV killer module can independently disable security software, enhancing the stealth of the attack.
Source: https://thehackernews.com/2025/02/2500-truesightsys-driver-variants.html