
Chinese malware attacks fueled by fraudulent software lures


Separate campaigns have used counterfeit versions of widely used software to target Chinese-speaking users with various malicious payloads, The Hacker News reports.

Threat actors used search engine optimization poisoning to manipulate search results for Google Chrome, Signal, Telegram, WhatsApp, DeepL Translate, and WPS Office, redirecting users to fake sites that host an installer for the Gh0st RAT variants HiddenGh0st and Winos, also known as ValleyRAT, an analysis from Fortinet FortiGuard Labs researchers revealed. "The installers contained both the legitimate application and the malicious payload, making it difficult for users to notice the infection," said Fortinet.

Another report from Zscaler ThreatLabz detailed the exploitation of GitHub pages for hosting illicit websites that impersonate DingTalk and other software popular among Chinese users to distribute Winos, FatalRAT, and the novel kkRAT payload since May. Aside from enabling screen capturing, user input simulations, clipboard data compromise, and remote desktop functionality, kkRAT also allows remote command execution, active network connection list generation, and GotoHTTP and Sunlogin delivery, according to Zscaler.
