Network Security, Malware, Threat Intelligence

Novel dropper leveraged for Gh0st RAT deployment

Privacy concept: pixelated words Malware on digital background, 3d render

Threat actors have leveraged the new Gh0stGambit dropper to distribute the Gh0st RAT malware in drive-by download attacks against Chinese Windows users, The Hacker News reports.

Malicious Google Chrome-spoofing installer packages hosted on a fraudulent Chrome website facilitated the deployment of a legitimate Chrome setup executable and a trojanized installer that loads Gh0stGambit, which then verifies active security software before fetching Gh0st RAT, an eSentire analysis revealed.

Aside from featuring process termination, file removal, remote command execution, and data exfiltration capabilities, Gh0st RAT could also facilitate Mimikatz delivery, remote desktop protocol activation, Windows event log removal, and browser data erasure, according to researchers, who also noted similarities between the identified malware and the Gh0st RAT variant "Hidden Ghost" discovered by AhnLab Security Intelligence Center researchers.

"The recent findings highlight the distribution of this threat via drive-by downloads, deceiving users into downloading a malicious Chrome installer from a deceptive website," said eSentire researchers.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds