Fake installers mimicking legitimate Chinese software websites are spreading a remote access trojan called Sainbox RAT and a rootkit, enabling stealthy system control. The campaign is attributed to the China-linked Silver Fox hacking group, demonstrating sophisticated malware deployment tactics. #SilverFox #SainboxRAT
Key points
- Fake installers are disguised as popular Chinese software like WPS Office, Sogou, and DeepSeek.
- The malware uses legitimate-looking MSI and PE files to deploy malicious DLLs and drop shellcode.
- The Sainbox RAT allows attackers to fetch additional payloads and steal sensitive information.
- The embedded rootkit conceals processes, files, and registry keys, enhancing stealth and persistence.
- The campaign is linked to the China-based Silver Fox hacking group, known for advanced persistent threat activities.
Read More: https://www.securityweek.com/chinese-hackers-target-chinese-users-with-rat-rootkit/