A novel initiative has been detected utilizing counterfeit websites promoting well-known software like WPS Office, Sogou, and DeepSeek to distribute the Sainbox RAT and the publicly available Hidden rootkit.
This activity has been linked with moderate assurance to a Chinese hacking collective known as Silver Fox (also referred to as Void Arachne), pointing to resemblances in techniques with earlier campaigns associated with the threat entity.