Malware, Application security, Threat Intelligence

Gh0st RAT, Mimikatz spread via new UULoader malware

Privacy concept: pixelated words Malware on digital background, 3d render

Threat actors have leveraged the novel UULoader malware camouflaging as legitimate app installers for Chinese and Korean users to facilitate compromise with the Gh0st RAT and Mimikatz payloads, according to The Hacker News.

Integrated within UULoader was an archive file with two main executables that did not have their file headers, with the first being a binary enabling DLL file side-loading of the final-stage payloads, an analysis from the Cyberint Research Team revealed. Attacks with UULoader also involved the execution of a decoy file. "This usually corresponds to what the .msi file is pretending to be. For example, if it tries to disguise itself as a 'Chrome update,' the decoy will be an actual legitimate update for Chrome," said Cyberint researchers. Such a development comes after Gh0st RAT was reported by eSentire to have been distributed in attacks using fraudulent Google Chrome installers against Windows users across China.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds