The remote access trojan known as Gh0st RAT has been observed being delivered by an « evasive dropper » called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users.
These infections stem from a fake website (« chrome-web[.]com ») serving malicious installer packages masquerading as Google’s Chrome browser, indicating that users searching for the software on the