Nezha Gets a Gh0stly Upgrade: Chinese Hackers Turn Monitoring Tool into Malware Mayhem!

Threat actors with suspected ties to China have turned Nezha into a cyber weapon, launching Gh0st RAT malware through log poisoning. This creative hacking approach has affected over 100 machines, primarily in Asia, proving that even benign tools can become villainous if you have a knack for mischief and malware.

Hot Take:

Who knew open-source tools could have a double life? Just like that one friend who volunteers at the animal shelter by day and moonlights as a DJ at night, Nezha has a secret side hustle as a cybercriminal accomplice. Looks like the internet’s got a new definition for ‘open source’—now it opens the door to your server, too!

Key Points:

  • Nezha, a legitimate open-source tool, has been weaponized by threat actors to deliver Gh0st RAT malware.
  • Log poisoning via phpMyAdmin vulnerabilities allows attackers to deploy web shells on targeted servers.
  • The attack primarily affects machines in Taiwan, Japan, South Korea, and Hong Kong, with a peculiar Russian-language dashboard.
  • The attackers used the ANTSWORD web shell and the Nezha agent to remotely control compromised hosts.
  • This incident underscores the dual-use nature of open-source tools in the cyber realm.

The Nimble Nerd