
Silver Fox Malware Attack: Chinese Hackers Deliver Sainbox RAT and Hidden Rootkit

A new Silver Fox malware campaign has been discovered that specifically targets Chinese-speaking users through fake software websites. In this Silver Fox Malware Attack, the Chinese hacking group Silver Fox (also called Void Arachne) uses the fake sites to spread the Sainbox RAT and a rootkit based on the open-source Hidden project, creating serious cybersecurity risks for anyone who installs the software.

The phishing websites, such as wpsice[.]com, advertise popular software like WPS Office, Sogou, and DeepSeek. They are carefully crafted to look legitimate but actually distribute malicious Chinese-language MSI installers, which clearly shows that the Silver Fox Malware Attack is aimed at Chinese-speaking users.


Malware Delivery Method

According to Netskope Threat Labs, the installer runs a legitimate, trusted executable called shine.exe, which sideloads a malicious DLL named libcef.dll placed alongside it. This DLL reads hidden code from a text file (1.txt) and executes the Sainbox RAT.

The malware also contains a rootkit driver based on the open-source Hidden project. The rootkit lets the attackers hide the malware's files, processes, and registry keys from system monitoring tools, making the infection stealthy and hard to detect.

The Sainbox RAT can steal sensitive information, download additional malware, and give attackers remote control of infected systems. This makes it a serious threat to targeted users and organizations.
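The shine.exe/libcef.dll chain is a classic DLL sideloading pattern, and it can be spotted in image-load telemetry. The following is an added defensive example written for this article (not code from Netskope or the Silver Fox installer): it scores Sysmon-style ImageLoaded records for sideloading indicators, using constructed sample events whose paths and process IDs are made up.

```python
"""Flag DLL sideloading patterns such as shine.exe loading libcef.dll.

Constructed example: field names mirror Sysmon Event ID 7 (ImageLoaded),
but every record below is made up and is not real telemetry.
"""
from pathlib import PureWindowsPath

# DLL names worth watching; libcef.dll is the one abused in this campaign.
WATCHED_DLLS = {"libcef.dll"}

# Normal install roots; a watched DLL loaded from elsewhere is suspicious.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

# Constructed sample events (hypothetical paths and process IDs).
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "Image": r"C:\Users\victim\Downloads\WPS\shine.exe",
     "ImageLoaded": r"C:\Users\victim\Downloads\WPS\libcef.dll", "Signed": "false"},
    {"ProcessId": 2200, "Image": r"C:\Program Files\ExampleApp\app.exe",
     "ImageLoaded": r"C:\Program Files\ExampleApp\libcef.dll", "Signed": "true"},
    {"ProcessId": 3344, "Image": r"C:\Users\victim\AppData\Local\Temp\setup.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
]


def score_event(ev: dict) -> tuple[int, list[str]]:
    """Return (score, reasons); each matching sideloading indicator adds one point."""
    exe = PureWindowsPath(ev["Image"])
    dll = PureWindowsPath(ev["ImageLoaded"])
    reasons: list[str] = []
    if dll.name.lower() not in WATCHED_DLLS:
        return 0, reasons                      # not a DLL we care about
    reasons.append(f"watched DLL name {dll.name}")
    if not str(dll).lower().startswith(TRUSTED_ROOTS):
        reasons.append("DLL loaded from outside a trusted install root")
    if exe.parent == dll.parent:
        reasons.append("DLL sits beside the loading executable")
    if ev.get("Signed", "").lower() != "true":
        reasons.append("DLL is unsigned")
    return len(reasons), reasons


def find_sideloading(events: list[dict], threshold: int = 3) -> list[dict]:
    """Return the events whose indicator score reaches the threshold."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append({"ProcessId": ev["ProcessId"], "Image": ev["Image"],
                         "score": score, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_sideloading(SAMPLE_EVENTS):
        print(hit)
```

With the sample data only the shine.exe record scores 4 (watched name, user-writable directory, DLL beside the executable, unsigned), while the same DLL name under Program Files scores 2 and is not reported.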


Silver Fox’s Previous Malware Campaigns

Silver Fox has a history of using similar methods:

  • July 2024: Fake Google Chrome sites were used to spread Gh0st RAT.

  • February 2025: Fake Chrome download pages delivered ValleyRAT malware.

  • September 2023: Silver Fox campaigns used Sainbox RAT and Purple Fox malware.


Important Tips for CCIE Academy Students

CCIE Academy students should always download software from verified, official websites to avoid falling victim to attacks like this one. It is essential to understand common malware delivery methods, such as DLL sideloading and rootkit-based hiding techniques, which attackers use to bypass security controls. Staying informed about the latest cybersecurity threats and trends helps protect systems and builds stronger defensive skills for real-world scenarios.


About CCIE Academy

CCIE Academy is a trusted training center providing expert-led courses in networking, cybersecurity, and IT certifications. We focus on hands-on labs, real-world scenarios, and the latest technologies to prepare students for global certifications like CCNA, CCNP, CCIE, and more. Our mission is to build future-ready IT professionals.