A recent report from Check Point describes a large malware campaign that abuses a vulnerable Windows driver shipped with Adlice's products to deploy Gh0st RAT. The attackers generated thousands of variants of the old RogueKiller Antirootkit Driver so that no single file hash can be blocklisted. This "bring your own vulnerable driver" (BYOVD) technique loads a legitimate but flawed driver into the kernel and uses it to disable endpoint detection and response (EDR) software before the payload runs. Similarities in attack patterns and tooling point to possible links with the Silver Fox APT group.
Check Point warned that the attackers use modified copies of the vulnerable driver to deliver Gh0st RAT while evading detection.
The campaign, a BYOVD attack, has produced around 2,500 variants of the legacy driver to slip past endpoint security products.
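The practical lesson of 2,500 variants is that a hash blocklist cannot keep up; a hunt has to key on what the variants share. The following PowerShell script is an added example, not code from Check Point, Adlice or the article, and it assumes that loaded copies still carry Adlice- or RogueKiller-related strings in their Authenticode signer or PE version info (the article does not say which fields survive the variant generation, so the $SuspectPatterns list and that assumption are the author's). It enumerates running kernel drivers, records signer, version metadata and SHA-256 for each, and flags those whose metadata matches, so a defender can review them regardless of hash.

```powershell
# Added example (not from the Check Point report or the original article).
# Hunts running kernel drivers by signer / version metadata instead of file hash,
# because thousands of hash variants defeat a plain hash blocklist.
# ASSUMPTION: the patterns below; a hit is an investigation lead, not a verdict,
# since a genuine Adlice install would also match.

$SuspectPatterns = @('Adlice', 'RogueKiller')

function Resolve-DriverPath {
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName -replace '^\\\?\?\\', ''                 # strip \??\ prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot         # \SystemRoot\... -> C:\Windows\...
    $p = $p -replace '^System32\\', "$env:SystemRoot\System32\"
    if (Test-Path -LiteralPath $p) { return $p }
    return $null
}

function Get-DriverFacts {
    param([string]$Path)
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $ver  = (Get-Item -LiteralPath $Path).VersionInfo
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    [pscustomobject]@{
        Path             = $Path
        SHA256           = $hash
        SignatureStatus  = $sig.Status
        Signer           = $sig.SignerCertificate.Subject
        SignerNotAfter   = $sig.SignerCertificate.NotAfter
        CompanyName      = $ver.CompanyName
        ProductName      = $ver.ProductName
        FileDescription  = $ver.FileDescription
        OriginalFilename = $ver.OriginalFilename
    }
}

function Test-SuspectDriver {
    param($Facts, [string[]]$Patterns)
    $fields = @($Facts.Signer, $Facts.CompanyName, $Facts.ProductName,
                $Facts.FileDescription, $Facts.OriginalFilename)
    foreach ($f in $fields) {
        if (-not $f) { continue }
        foreach ($pat in $Patterns) {
            if ($f -match [regex]::Escape($pat)) { return $true }
        }
    }
    return $false
}

$results = foreach ($drv in Get-CimInstance Win32_SystemDriver |
                     Where-Object { $_.State -eq 'Running' }) {
    $path = Resolve-DriverPath $drv.PathName
    if (-not $path) { continue }
    $facts = Get-DriverFacts $path
    $facts | Add-Member -NotePropertyName Service  -NotePropertyValue $drv.Name
    $facts | Add-Member -NotePropertyName Suspect  -NotePropertyValue (Test-SuspectDriver $facts $SuspectPatterns)
    $facts
}

# Flagged drivers first; keep the full inventory for baselining.
$results | Sort-Object Suspect -Descending |
    Format-Table Service, Suspect, SignatureStatus, Signer, ProductName, SHA256 -AutoSize
$results | Export-Csv -NoTypeInformation -Path "$env:TEMP\driver-inventory.csv"
```

Run it elevated on each host, diff the exported CSV against a known-good baseline, and treat any flagged driver whose service has no matching installed Adlice product as a BYOVD lead. The SHA256 column is kept for sharing indicators after the fact, not as the detection key.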