Gh0st RAT, Mimikatz spread via new UULoader malware

Threat actors have used the novel UULoader malware, disguised as legitimate app installers aimed at Chinese and Korean users, to deliver the Gh0st RAT and Mimikatz payloads, according to The Hacker News. UULoader carried an archive file containing two main executables that lacked their file headers, the first being a binary that enables DLL side-loading of the final-stage payloads, an analysis from the Cyberint Research Team revealed. Attacks with UULoader also involved the execution of a decoy file. "This usually corresponds to what the .msi file is pretending to be. For example, if it tries to disguise itself as a 'Chrome update,' the decoy will be an actual legitimate update for Chrome," said Cyberint researchers. The finding comes after eSentire reported that Gh0st RAT had been distributed in attacks using fraudulent Google Chrome installers against Windows users across China.