Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT

This report details two interconnected malware campaigns targeting Chinese-speaking users in 2025, using large-scale brand impersonation to deliver Gh0st RAT variants. The first campaign, active from February to March, mimicked three brands across over 2,000 domains. The second campaign, starting in May, impersonated over 40 applications with more sophisticated infection chains. Both campaigns used cloud infrastructure for payload delivery and DLL side-loading for evasion. The adversary demonstrated an evolving operational playbook, advancing from simple droppers to complex multi-stage infections. The campaigns' infrastructure remained active for months, indicating a persistent and well-resourced threat actor focused on Chinese-speaking targets globally.

Pulse ID: 6918168f887ca57be0147adb
Pulse Link: https://otx.alienvault.com/pulse/6918168f887ca57be0147adb
Pulse Author: AlienVault
Created: 2025-11-15 05:58:39

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Chinese #Cloud #CyberSecurity #Doppelganger #InfoSec #Malware #Mimic #NATO #OTX #OpenThreatExchange #RAT #RCE #bot #AlienVault

Imagine, you build a #doppelgänger to distract your enemies! For the first time, researchers found #arachnids assembling fake #spiders (pictured) from tiny bits of silk, animal carcasses, and plant debris! https://www.science.org/content/article/s-no-spider-it-s-decoy

They look like art sculptures: imagine these skills and #selfawareness! The latter is usually connected with #intelligence in research ...
Study: https://onlinelibrary.wiley.com/doi/10.1002/ece3.72371

#moreThanHuman #NatureMatchCuts #ecosystem #behaviour #sculpture

Been listening to the #Doppelganger book by #NaomiKlein and it's really good. Hits on everything and very much "mirrors" my experience of trying to understand #MAGA. She is my kind of left, economics first. Her book #NoLogo was huge in developing my politics and convincing me to protest in Quebec City in 2001.

"We can be hard and critical on structures, but soft on people."

https://en.wikipedia.org/wiki/Doppelganger:_A_Trip_into_the_Mirror_World

Normalement ici si je vous pousse le lien de notre Github, vous allez y arriver pour installer le plugin #DIMA ?
C'est un index d'informations sur l'usage de technique s'appuyant sur des biais cognitifs sur les sites web. On a ajouter aussi des alertes sur les noms de domaine des opérations de manipulation de l'information documentées (#doppelganger, #RRN, #copycop)

https://github.com/M82-project/DIMA_Plugin_Chrome