HiddenGh0st RAT launched through widespread Truesight.sys driver exploitation
Malware, Vulnerability Management, Threat Intelligence

More than 2,500 variants of a legacy version of the RogueKiller Antirootkit driver, "Truesight.sys", have been used to deploy the HiddenGh0st malware in a widespread campaign against Windows systems believed to be the work of the Silver Fox APT, reports The Hacker News.

The attacks, aimed primarily at China, began with the delivery of artifacts masquerading as legitimate applications. These downloaded the legacy Truesight driver and a second-stage payload, which in turn retrieved an endpoint detection and response (EDR) and antivirus killer module and the HiddenGh0st trojan, a descendant of Gh0st RAT, according to an analysis by Check Point researchers.

Check Point also observed the EDR/AV killer module loading the Truesight driver directly, which suggests that this component does not depend on the earlier stages. "Exploiting Arbitrary Process Termination vulnerability allowed the EDR/AV killer module to target and disable processes commonly associated with security solutions, further enhancing the campaign's stealth," the researchers added.
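Because the campaign brings its own signed driver rather than exploiting one already on the host, the practical check for defenders is whether a Truesight.sys / RogueKiller Antirootkit driver is registered or loaded at all. The following hunting script is an added example and is not code from the SC Media article, The Hacker News or Check Point's report. It goes slightly beyond the article's case by matching on the driver's PE version resource (OriginalFilename, InternalName, ProductName, CompanyName) as well as the file name, so a renamed copy is still flagged, and records the version, Authenticode signer, signature status and SHA-256 for comparison against vendor-published indicators. The match strings are taken from the article's description of the driver; the elevated PowerShell session and the field choices are assumptions of this example.

```powershell
# Added hunting example (not from the article or Check Point's report).
# Enumerates registered kernel drivers, flags Truesight.sys / RogueKiller
# Antirootkit drivers by file name or PE version resource, and reports the
# facts an analyst needs. Assumes an elevated Windows PowerShell 5.1+ session.

$namePattern    = '(?i)truesight'     # file name / OriginalFilename / InternalName
$productPattern = '(?i)roguekiller'   # ProductName / CompanyName in the version resource

function Get-DriverFilePath {
    param([string]$PathName)
    # Win32_SystemDriver.PathName may carry an NT prefix, \SystemRoot\ or a
    # System32-relative path, and may be quoted; normalise to a plain file path.
    $p = $PathName -replace '^\\\?\?\\', '' -replace '"', ''
    $p = $p -replace '(?i)^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -match '(?i)^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$findings = foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
    if (-not $drv.PathName) { continue }
    $path = Get-DriverFilePath $drv.PathName
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $vi = (Get-Item -LiteralPath $path).VersionInfo
    $nameHit = ($path -match ($namePattern + '\.sys$')) -or
               ($vi.OriginalFilename -match $namePattern) -or
               ($vi.InternalName -match $namePattern)
    $prodHit = ($vi.ProductName -match $productPattern) -or
               ($vi.CompanyName -match $productPattern)
    if (-not ($nameHit -or $prodHit)) { continue }

    # Signer and hash: a validly signed but legacy build is exactly what a
    # bring-your-own-vulnerable-driver campaign relies on, so record both.
    $sig = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        Service         = $drv.Name
        State           = $drv.State        # 'Running' means the driver is loaded now
        StartMode       = $drv.StartMode
        Path            = $path
        FileVersion     = $vi.FileVersion
        ProductName     = $vi.ProductName
        Signer          = $sig.SignerCertificate.Subject
        SignatureStatus = $sig.Status
        SHA256          = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

if ($findings) {
    $findings | Format-List
} else {
    'No Truesight / RogueKiller Antirootkit driver is registered on this host.'
}
```

Two caveats when using this. With more than 2,500 iterations of the driver in circulation, matching on file hash alone is brittle; the version-resource fields and the signer subject are more stable pivots, and a hit on any of them on a host that never ran RogueKiller deserves investigation regardless of hash. Second, the script only sees drivers that are still registered as services; a driver that was loaded, used to kill security processes and then removed will only show up in driver-load telemetry such as Sysmon Event ID 6, so pair this check with that log source.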
