Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit

A new campaign linked to the Silver Fox hacking group uses fake websites promoting popular Chinese software to deliver the Sainbox RAT and the Hidden rootkit. The campaign targets Chinese speakers and uses DLL side-loading to deploy the malware stealthily.

Key points

  • The campaign uses counterfeit websites advertising legitimate software like WPS Office and Sogou to distribute malware.
  • The malware payloads include Sainbox RAT, a variant of Gh0st RAT, and the Hidden rootkit.
  • Attackers employ DLL side-loading, in which a legitimate executable is tricked into loading and running a malicious DLL.
  • The campaign specifically targets Chinese-speaking Windows users with localized malicious installers.
  • Variants of common RATs and open-source rootkits allow attackers to maintain stealth and control over compromised systems.

Read More: https://thehackernews.com/2025/06/chinese-group-silver-fox-uses-fake.html