Gh0st RAT, a decades-old open-source remote administration tool (RAT), recently appeared in phishing campaigns targeting a healthcare organization. Gh0st Remote Administration Tool was created by a Chinese hacking group named C. Rufus Security Team that released it publicly in 2008. The public release of Gh0st RAT source code made it easy for threat actors to obtain and tailor the tool to their needs. Its feature set expanded over the years to include various surveillance, persistence, and information-stealing capabilities:
- Taking full control of the infected machine
- Recording keystrokes in real time with offline logging available
- Accessing live web cam feeds including microphone recording
- Downloading files remotely
- Remote shutdown and reboot
- Disabling user input
Open-Source Gh0st RAT Still Haunting Inboxes 15 Years After Release
Gh0st RAT Still Haunting Inboxes