Beware the Fox: Fake Software Installers Unleash RATs and Rootkits!

Fake installers on Chinese websites are wielding Sainbox RAT and Hidden rootkit to infect systems, Netskope reports. These impostor installers, mimicking popular software like WPS Office, deliver malware when executed. The rootkit ensures stealth, hiding processes and files. It’s suspected the China-linked Silver Fox group is behind this digital masquerade.

Hot Take:

In a move that’s more predictable than a plot twist in a Hallmark movie, cybercriminals are up to their old tricks again—this time, with a side of Kung Pao chicken. These digital bandits are disguising malicious software as legitimate Chinese software, proving once again that when it comes to cybersecurity, if it looks too good to be true, it probably is.

Key Points:

  • Fake installers for popular Chinese software are spreading malware.
  • The campaign uses a Gh0stRAT variant called Sainbox RAT and the Hidden rootkit.
  • Malicious installers mimic legitimate sites but download from different URLs.
  • China-linked Silver Fox hacking group is behind this campaign.
  • The rootkit hides malicious activity and protects itself from detection.
