Intel Name: Campaign distributing chinese language trojanized installers
Date of Scan: March 20, 2025
Impact: High
Summary: A campaign in February and March 2025 registered over 2,000 malicious domains to distribute trojanized installers disguised as Chinese language software, including DeepSeek AI Assistant, i4Tools, and Youdao Dictionary. While the installers appear legitimate, they infect Windows hosts with malware, potentially Ghost RAT (gh0st RAT). The campaign primarily targets users in the United States and China, with the Professional and Legal Services industries being the most affected.
