The threat actor Dragon Breath, also known as APT-Q-27 and Golden Eye, has been observed using a multi-stage loader called RONINGLOADER to deploy a modified variant of the remote access trojan Gh0st RAT, primarily targeting Chinese-speaking users. The campaign employs trojanized NSIS installers disguised as legitimate applications, such as Google Chrome and Microsoft Teams. The infection chain utilizes various evasion techniques, including a legitimately signed driver, custom Windows Defender Application Control policies, and manipulation of the Microsoft Defender binary.
RONINGLOADER's attack chain involves delivering a DLL and an encrypted file labeled "tp.png," which contains shellcode. It attempts to neutralize security products by terminating processes associated with popular antivirus solutions in the region. Specific actions are taken against Qihoo 360 Total Security, including blocking network communication, injecting shellcode into the Volume Shadow Copy service, and restoring firewall settings. For other security processes, RONINGLOADER directly writes a driver to disk to perform process termination.
The malware aims to inject a rogue DLL into "regsvr32.exe" to conceal its activities and launch a next-stage payload into high-privilege system processes. The final payload is a modified version of Gh0st RAT, capable of communicating with a remote server, configuring Windows Registry keys, clearing Windows Event logs, and capturing keystrokes and clipboard contents.
Additionally, two interconnected malware campaigns identified by Palo Alto Networks Unit 42 employed brand impersonation to deliver Gh0st RAT to Chinese-speaking users. The first campaign, Campaign Trio, occurred between February and March 2025, while the second, Campaign Chorus, detected in May 2025, impersonated over 40 applications. Both campaigns utilized complex infection chains and trojanized installers hosted on domains that circumvented network filters. The second campaign also involved an embedded Visual Basic Script for launching the final payload through DLL side-loading.
Valve has unveiled the Steam Frame wireless VR headset, which seamlessly integrates Android gaming applications to simplify the gaming experience for users. The headset can utilize existing Android APKs and is equipped with a Qualcomm Snapdragon Arm-based chip to run Android applications without conversion. Valve has also introduced updated controllers, a refreshed Steam controller, and the next-generation Steam Machine alongside the Steam Frame. Pricing and release dates for these new products are yet to be confirmed.
Valve has unveiled the Steam Frame wireless VR headset that supports Android games, aiming to provide a seamless gaming experience for players. The headset will use the same Android APKs that developers use for Meta Quest, allowing for a wide range of gaming options. Valve is launching a developer kit program to assist developers in bringing their Android games to Steam Frame.
Bill Peebles, head of OpenAI's Sora, announced that Sora is now available on the leading mobile operating system but is currently restricted to select regions: United States, Canada, Taiwan, Thailand, and Vietnam.
Sora 2, OpenAI's latest AI video generation app, has expanded its availability to Android users, following its initial release for Apple devices. The app is now accessible via the Play Store in select countries, including Canada, the United States, Japan, Korea, Taiwan, Thailand, and Vietnam. OpenAI has faced controversies regarding the app's ability to recreate the likenesses of celebrities and historical figures, leading to legal challenges and apologies from CEO Sam Altman. In response, OpenAI has adjusted its policies to require explicit consent from celebrities for the use of their likenesses and implemented safeguards to prevent the creation of videos featuring individuals who have opted out.
OpenAI has expanded its Sora app, designed for generating AI-driven videos, to Android devices as of Tuesday, following its initial launch for Apple users in September. The app has achieved over 1 million downloads within five days and reached the top of Apple's App Store for nearly three weeks, currently ranking fifth among the top free apps. Sora is now available on the Google Play Store in the U.S., Canada, Japan, South Korea, Taiwan, Thailand, and Vietnam, with plans for expansion into European markets. The app allows users to create and share AI-generated videos based on written prompts and is currently open to all users for a limited time. OpenAI has also entered a seven-year partnership with Amazon to scale its ChatGPT capabilities.
OpenAI has launched its Sora mobile app for Android users, available for download on the Google Play Store in regions including the United States, Canada, Japan, Taiwan, Thailand, Vietnam, and Korea. The app was initially launched in September 2024, achieving over 1 million downloads within five days and ranking as the fifth most popular free app on the Apple App Store. Bill Peebles, the director of Sora, announced plans to expand the app's availability to European users. Sora combines natural language understanding with the ability to generate images and animations, allowing users to create short videos from text prompts. The app features a social media-like interface with user-generated content that can be remixed and shared. OpenAI has implemented digital watermarks and metadata to identify Sora-generated videos and has established control systems to mitigate misuse concerns.
- MagFone Location Changer V3.0.0 can manage multiple devices across iOS and Android platforms simultaneously.
- Game Mode for iOS devices allows gamers to simulate precise GPS coordinates without restrictions.
- The software now supports Japanese and Traditional Chinese languages for a more localized experience.
- Performance improvements include reduced loading times, improved GPS signal accuracy, and enhanced multi-device management speed.
The Chinese APT group Jewelbug infiltrated a Russian IT provider undetected for five months. They have increased their activity, targeting Russian entities as well as interests in South America, South Asia, and Taiwan. Jewelbug used a disguised version of the Microsoft Console Debugger (CDB) to bypass security measures and exfiltrate data. They cleared Windows Event Logs to avoid detection and used Yandex Cloud for data exfiltration. Symantec's report indicates that Russian organizations are vulnerable to attacks from Chinese state-sponsored groups.
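Both the modified Gh0st RAT dropped by RONINGLOADER and Jewelbug's tooling clear Windows Event Logs to cover their tracks. The detection script below is an added example written for this digest; it is not code from any of the reports summarised above. It assumes event logs have been exported as JSON lines with the fields "TimeCreated", "Channel", "Provider", "EventID", "Computer" and "SubjectUserName" (the sample records are constructed), and it flags the two events Windows itself records when a log is cleared: Event ID 1102 in the Security channel and Event ID 104 in the System channel, both from the Microsoft-Windows-Eventlog provider. Clearing of several channels on one host within a short window is scored higher, since that pattern matches wholesale cleanup rather than routine administration.

```python
"""Flag Windows event-log clearing in exported JSON-lines event records.

Added example (not from the reports above). Assumes one JSON object per
line with the fields TimeCreated, Channel, Provider, EventID, Computer and
SubjectUserName. The sample log below is constructed for illustration.
"""
import json
from datetime import datetime

# Events Windows writes when a log is cleared (provider Microsoft-Windows-Eventlog):
#   1102 in the Security channel: "The audit log was cleared"
#   104  in the System channel:   "The <name> log file was cleared"
LOG_CLEARED_EVENT_IDS = {1102, 104}
LOG_CLEARED_PROVIDER = "Microsoft-Windows-Eventlog"

# Constructed sample: a normal logon, then Security and System logs cleared
# one second apart, then an unrelated service-install event.
SAMPLE_LOG = """\
{"TimeCreated": "2025-05-02T09:14:03Z", "Channel": "Security", "Provider": "Microsoft-Windows-Security-Auditing", "EventID": 4624, "Computer": "WS01", "SubjectUserName": "alice"}
{"TimeCreated": "2025-05-02T09:15:11Z", "Channel": "Security", "Provider": "Microsoft-Windows-Eventlog", "EventID": 1102, "Computer": "WS01", "SubjectUserName": "SYSTEM"}
{"TimeCreated": "2025-05-02T09:15:12Z", "Channel": "System", "Provider": "Microsoft-Windows-Eventlog", "EventID": 104, "Computer": "WS01", "SubjectUserName": "SYSTEM"}
{"TimeCreated": "2025-05-02T09:20:00Z", "Channel": "System", "Provider": "Service Control Manager", "EventID": 7045, "Computer": "WS01", "SubjectUserName": "SYSTEM"}
"""


def parse_events(text):
    """Parse JSON-lines event records; adds a parsed UTC timestamp under "_ts"."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        # fromisoformat() does not accept a trailing "Z" on older Pythons.
        ev["_ts"] = datetime.fromisoformat(ev["TimeCreated"].replace("Z", "+00:00"))
        events.append(ev)
    return events


def find_log_clearing(events, window_seconds=60):
    """Return one alert per log-cleared event.

    Severity is "high" when more than one channel was cleared on the same
    host within window_seconds of the event, otherwise "medium".
    """
    cleared = [
        ev for ev in events
        if ev.get("EventID") in LOG_CLEARED_EVENT_IDS
        and ev.get("Provider") == LOG_CLEARED_PROVIDER
    ]
    alerts = []
    for ev in cleared:
        # Channels cleared on the same host within the window (including this one).
        nearby = {
            other["Channel"]
            for other in cleared
            if other["Computer"] == ev["Computer"]
            and abs((other["_ts"] - ev["_ts"]).total_seconds()) <= window_seconds
        }
        alerts.append({
            "computer": ev["Computer"],
            "channel": ev["Channel"],
            "event_id": ev["EventID"],
            "user": ev.get("SubjectUserName"),
            "time": ev["TimeCreated"],
            "channels_cleared_in_window": sorted(nearby),
            "severity": "high" if len(nearby) > 1 else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in find_log_clearing(parse_events(SAMPLE_LOG)):
        print(f"[{alert['severity']}] {alert['computer']} {alert['time']} "
              f"{alert['channel']} log cleared (EventID {alert['event_id']}) "
              f"by {alert['user']}; channels in window: {alert['channels_cleared_in_window']}")
```

Because an attacker who clears the log also removes the evidence stored on the host, this check is only useful when events are forwarded to a collector before they can be wiped; the cleared-log event itself is written after the wipe and is usually the first record in the new, empty log, so forwarding it promptly is what makes the alert actionable.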