Weaponized DeepSeek Installers Deploy Sainbox RAT and Hidden Rootkit
gbhackers
Netskope Threat Labs has uncovered a malicious campaign that uses fake software installers, including ones mimicking popular tools such as DeepSeek, Sogou, and WPS Office, to deliver malware payloads including the Sainbox RAT (a variant of Gh0stRAT) and the Hidden rootkit.
This operation, primarily targeting Chinese-speaking users through phishing websites and counterfeit MSI installers, showcases advanced tactics, techniques, and procedures (TTPs) reminiscent of the China-based Silver Fox adversary group.
A Sophisticated Campaign Targeting Chinese Speakers
Netskope attributes this activity to Silver Fox with medium confidence, based on the use of phishing pages, fake installers for Chinese software, Gh0stRAT variants, and the specific targeting of this demographic.
The attack begins when victims visit phishing websites designed to mirror legitimate software portals, such as the WPS Office site, tricking users into downloading malicious installers.

These installers, predominantly MSI files, execute a legitimate binary named ...
Copyright of this story solely belongs to gbhackers.