#CheckPoint Research analyzed #GachiLoader, a Node.js–based #malware loader observed in a campaign linked to the #YouTube #GhostNetwork. The campaign is notable for extensive obfuscation and a previously undocumented PE injection technique. GachiLoader deploys a second-stage loader, #Kidkadi, which abuses Vectored Exception Handling (VEH) using a novel method dubbed Vectored Overloading.

https://research.checkpoint.com/2025/gachiloader-node-js-malware-with-api-tracing/

GachiLoader: Defeating Node.js Malware with API Tracing

Check Point Research exposes GachiLoader, a Node.js loader in the YouTube Ghost Network, and shows how API tracing defeats its obfuscation.

Check Point Research