Nezha Monitoring Tool Abused to Deploy Ghost RAT Malware

Suspected state-sponsored hackers are weaponizing a legitimate open-source monitoring tool called Nezha to compromise systems across multiple regions. Attackers gain initial access by exploiting vulnerable web applications, using a creative log poisoning technique to install a web shell. The Nezha tool is then deployed to maintain control over infected machines and deliver secondary payloads, including the Ghost RAT malware. The campaign has impacted over 100 victims, with evidence suggesting a coordinated effort by a sophisticated threat actor. This incident highlights a growing trend of attackers abusing legitimate software to evade detection and carry out espionage operations.

Latest mentioned: 10-08

Earliest mentioned: 10-08

Sources

infosecurity-magazine.com thehackernews.com therecord.media huntress.com cybersum.net

Also Read

Lampion Banking Trojan Evolves with New Social Engineering Tactics

A cybercriminal group has refined its malware campaign by incorporating innovative social engineering techniques and multi-stage infection chains to deliver the Lampion banking trojan. The campaign, active since 2019, targets Portuguese-speaking banks and uses complex infection methods to evade detection. Researchers have documented significant tactical evolution, including the use of ClickFix lures and compromised email accounts. The phishing emails employ convincing banking themes, and the infection chain comprises multiple obfuscated Visual Basic script stages. The Lampion stealer has evolved into a single 700MB DLL file, incorporating encrypted ZIP files to hinder detection.

10-31Read more →