The threat actor, identified as Dragon Breath, has been utilizing a sophisticated multi-stage loading technique labeled RONINGLOADER. Its primary objective appears to be the distribution of a modified version of a remote access trojan named Gh0st RAT. This malicious campaign is predominantly aimed at Chinese-speaking users, raising concerns about specific geographic targeting.
According to recent insights from Elastic Security Labs, the attackers employ trojanized NSIS installers that impersonate legitimate software packages, including popular applications like Google Chrome and Microsoft Teams. This method enhances the likelihood of successful infiltrations, as unsuspecting users may download what they believe are legitimate programs. Such tactics underline the increasing sophistication of cyber threats and the importance of vigilance in cybersecurity practices.
👉 Pročitaj original: The Hacker News
