GhostX

GhostX is a Windows remote access trojan (RAT) and offensive intrusion framework referenced in leaked materials from the Chinese cybersecurity firm KnownSec. The content describes it as a multi-vector exploitation and persistence framework used for active intrusion. Reported capabilities include file browsing, screen monitoring, keystroke logging, password and credential extraction, endpoint monitoring, browser exploitation, user profiling, network traffic manipulation, routing manipulation, and DNS hijacking. The leaked materials also describe browser fingerprinting intended to create a durable identity signature that can track users across VPNs, proxies, and devices. GhostX is associated in the content with KnownSec’s offensive product set and is described as likely developed for or used in support of Chinese state customers, including China’s Ministry of Public Security and elements of the People’s Liberation Army. The reporting places GhostX in the broader context of government digital surveillance and offensive cyber operations. High-confidence details directly mentioned in the content identify it as targeting Windows systems and enabling credential theft, persistence, and long-term access.