In August 2025, cybersecurity researchers at Huntress identified threat actors with suspected Chinese ties exploiting Nezha, a legitimate open-source monitoring tool. They repurposed it as an attack vector to deliver the widely known Gh0st RAT malware to targets. The attackers employed an unusual technique called log poisoning, also known as log injection, which allowed them to plant web shells on compromised systems.
This novel use of an open-source tool in cyberattacks highlights an evolving threat landscape where legitimate software can be manipulated for malicious purposes. The risks involve unauthorized access, data theft, and further system compromise through the installed web shells. Such activity underscores the challenges cybersecurity professionals face in detecting and mitigating sophisticated injection attacks.
The implications extend to organizations relying on common open-source tools, emphasizing the need for enhanced monitoring and validation of these applications. Understanding adversaries’ tactics allows defenders to improve defenses against similar injection and malware delivery methods. This case also stresses the importance of supply chain security in safeguarding IT infrastructure.
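Log poisoning succeeds when client-controlled request fields (path, referer, user agent) get written into a log with code markers that a server-side script would later execute; spotting those entries in the access log is a cheap detection. The block below is an added example, not code from the Huntress report or from Nezha; it assumes combined-format web logs and a PHP-style deployment (the page does not name the engine), and the log lines are constructed.

```python
import re
from typing import Dict, List, Optional

# Constructed sample access-log lines (combined format). Two are benign, two carry
# injected code markers in client-controlled fields; none are real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Aug/2025:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2025:12:00:05 +0000] "GET /<?php system($_GET['c']); ?> HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Aug/2025:12:01:10 +0000] "GET /about HTTP/1.1" 200 1024 "https://example.test/" "<?php echo 1; ?>"
198.51.100.9 - - [10/Aug/2025:12:02:00 +0000] "GET /docs HTTP/1.1" 200 2048 "-" "curl/8.0"
"""

# Combined log format; the three quoted fields are the ones a client can fill freely.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Markers that a server-side include of the log file would interpret as code.
# Assumed set for PHP/ASP/JS-style engines; extend for other template syntaxes.
CODE_MARKERS = re.compile(r'<\?(?:php|=)|<%|<script\b', re.IGNORECASE)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format line; return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_poisoning_attempts(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per log line whose client-controlled fields carry code markers."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # malformed lines deserve separate review but are not flagged here
        for field in ("request", "referer", "agent"):
            if CODE_MARKERS.search(entry[field]):
                findings.append({"ip": entry["ip"], "field": field, "value": entry[field]})
                break  # one finding per line is enough for triage
    return findings


if __name__ == "__main__":
    for f in find_poisoning_attempts(SAMPLE_LOG):
        print(f"{f['ip']} wrote a code marker into the log via {f['field']}: {f['value']!r}")
```

Run it against real access logs by reading the file into `find_poisoning_attempts`; a hit is a reason to check whether any script on the host includes or evaluates log content.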
👉 Read the original: The Hacker News