{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreig6xu5trldshje2b5hn23u7qdmosdfgd3mcblwuuljlow65gljtce",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mj3b246tgyc2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreickyd2r5vyc4z4ohiw56jsjigu7lewqsxzd2fcwac72ybk6mgmabe"
    },
    "mimeType": "image/webp",
    "size": 25782
  },
  "path": "/roningloader-malware-campaign-hides-behind-fake-chrome-and-teams-installers-to-disable-security-tools/",
  "publishedAt": "2026-04-09T16:26:07.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "RoningLoader malware campaign hides behind fake Chrome and Teams installers to disable security tools",
    "VPN Central"
  ],
  "textContent": "RoningLoader is a stealthy malware loader tied to DragonBreath, also tracked as APT-Q-27. It targets Chinese-speaking users and spreads through trojanized NSIS installers that pretend to be trusted software such as Google Chrome and Microsoft Teams. Elastic Security Labs documented the campaign in November 2025, while AttackIQ published a fresh adversary emulation update on April […]\n\nThe post RoningLoader malware campaign hides behind fake Chrome and Teams installers to disable security tools appeared first on VPN Central.",
  "title": "RoningLoader malware campaign hides behind fake Chrome and Teams installers to disable security tools"
}