Chinese-speaking users are targeted by a sophisticated SEO poisoning campaign that distributes malware through fake software sites. The campaign involves manipulating search rankings and using lookalike domains to infect victims with variants of Gh0st RAT, including HiddenGh0st, Winos, and kkRAT. #HiddenGh0st #Winos #kkRAT
Key points
- The attackers create convincing fake sites to trick users into downloading malware disguised as legitimate software.
- The malware deployment involves multi-step JSON-controlled chains that deliver trojanized installers with malicious DLLs.
- The malware uses anti-analysis techniques and checks for security software such as 360 Total Security before establishing persistence.
- Malware capabilities include C2 communication, keystroke logging, cryptocurrency wallet hijacking, and system monitoring.
- The campaign also involves exploiting GitHub-hosted phishing sites and BYOVD techniques to disable security solutions.
Read More: https://thehackernews.com/2025/09/hiddengh0st-winos-and-kkrat-exploit-seo.html