Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT

Updated on November 17, 2025

The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT.
The campaign, which is primarily aimed at Chinese-speaking users, employs trojanized NSIS installers masquerading as legitimate like Google Chrome and Microsoft Teams, according to Elastic Security Labs.
“The…

Read the rest of the story at Read More

Source: The Hacker News

July 31, 2024 Uncategorized

Cybercriminals Deploy 100K+ Malware Andr...

October 15, 2024 Uncategorized

New Linux Variant of FASTCash Malware Ta...

September 5, 2025 Uncategorized

Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT

Related posts

Cybercriminals Deploy 100K+ Malware Andr...

New Linux Variant of FASTCash Malware Ta...

Automation Is Redefining Pentest Deliver...

Leave a Comment Cancel reply

Recent News

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves

CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices

Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt

TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide