2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT

A large-scale malware campaign is exploiting a vulnerable Windows driver, truesight.sys, to deliver the Gh0st RAT malware. The attackers generated thousands of driver variants to bypass detection and disable endpoint detection and response (EDR) software. The campaign culminates in the deployment of HiddenGh0st, a variant of Gh0st RAT, enabling remote control of compromised systems.