Hackers have increasingly targeted South Korean Internet cafés by exploiting management software to install malware, including the Gh0st RAT remote access trojan and the T-Rex CoinMiner cryptocurrency miner. The campaign points to sophisticated, China-related threat actors focused on covert mining operations and system control.
Key points
- Cybercriminals target Internet cafés in South Korea by exploiting vulnerabilities in specialized management software.
- The attackers utilize Gh0st RAT to gain remote control and deploy cryptocurrency miners like T-Rex CoinMiner.
- Malware includes obfuscated droppers and persistence tools such as Patcher and KillProc.
- Communication with the command servers uses customized signature strings, which points to advanced techniques.
- Operators are advised to update systems, monitor specific IoCs, and secure management software against infection.
Read More: https://gbhackers.com/hackers-use-gh0st-rat-to-hijack-internet-cafe/1748613632