Sunlogin security holes are being used by a new hacking effort to launch Windows Bring Your Own Vulnerable Driver (BYOVD) attacks and distribute the Sliver post-exploitation toolkit. The exploitation of the flaw leads to the installation of Gh0st RAT. However, in some cases, hackers installed XMRig CoinMiner instead of Gh0st RAT.