Cybersecurity researchers are warning about the malware Winos 4.0, which is distributed through game-related applications such as installers and optimization tools.
Winos 4.0 is a powerful malicious platform that has been observed since June, operated by groups under the names Void Arachne and Silver Fox, enabling attackers to control multiple online devices. According to Fortinet FortiGuard Labs, Winos 4.0 is a re-engineered version of an older malware known as Gh0st RAT, featuring various components, each performing distinct functions.
These attacks primarily target Chinese-speaking users, employing tactics such as search engine optimization (SEO), social media, and messaging applications like Telegram to disseminate the malware.
When users install the malicious application, the infection process begins by downloading a fake BMP file from a remote server. This file is subsequently decoded into a DLL library, which downloads additional files from the same server. Among these is a file named “学籍系统” (Student Registration System), indicating that the attacker may be targeting educational institutions.
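As an added illustration of the fake-BMP step described above (example code, not from Fortinet or The Hacker News), here is a defender-side check that validates the structure of a file claiming to be a BMP and flags a plaintext PE image hidden inside it. The sample files are constructed inline; a payload that is encoded before being turned into a DLL, as the article describes, would trip only the structural checks, not the PE-signature search.

```python
import struct
DIB_HEADER_SIZES = {12, 40, 52, 56, 108, 124}  # BITMAPCOREHEADER .. BITMAPV5HEADER

def embedded_pe_offsets(data: bytes) -> list[int]:
    """Offsets of every MZ stub whose e_lfanew points at a real 'PE\\0\\0' signature."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            if data[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def inspect_bmp(data: bytes) -> list[str]:
    """Structural checks on a file that claims to be a BMP; [] means it looks consistent."""
    findings = []
    if len(data) < 26:  # 14-byte file header + smallest (12-byte) DIB header
        return ["too short to hold a BMP file header and a DIB header"]
    magic, declared_size, _r1, _r2, pixel_offset = struct.unpack_from("<2sIHHI", data, 0)
    dib_size = struct.unpack_from("<I", data, 14)[0]
    if magic != b"BM":
        findings.append(f"magic {magic!r} is not b'BM'")
    if declared_size != len(data):
        findings.append(f"header declares {declared_size} bytes, file has {len(data)}")
    if dib_size not in DIB_HEADER_SIZES:
        findings.append(f"DIB header size {dib_size} is not a known BMP header size")
    if not 14 + dib_size <= pixel_offset <= len(data):  # a palette may sit in between
        findings.append(f"pixel data offset {pixel_offset} does not follow the headers")
    for off in embedded_pe_offsets(data):
        findings.append(f"PE image (MZ stub + PE signature) found at offset {off}")
    return findings

def constructed_valid_bmp() -> bytes:
    """1x1 24-bit BMP built by hand (constructed sample, not a real artifact)."""
    pixel = b"\x00\x00\xff\x00"  # one BGR pixel, row padded to 4 bytes
    dib = struct.pack("<IiiHHIIiiII", 40, 1, 1, 1, 24, 0, len(pixel), 2835, 2835, 0, 0)
    size = 14 + len(dib) + len(pixel)
    return struct.pack("<2sIHHI", b"BM", size, 0, 0, 14 + len(dib)) + dib + pixel

def constructed_disguised_pe() -> bytes:
    """A 'BMP' whose body is a bare MZ/PE header (constructed sample, not Winos 4.0 data)."""
    mz = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", mz, 0x3C, 0x40)  # e_lfanew points just past the 64-byte stub
    body = bytes(mz) + b"PE\0\0" + b"\0" * 20
    return struct.pack("<2sIHHI", b"BM", 0x10000, 0, 0, 54) + body

if __name__ == "__main__":
    print("valid:", inspect_bmp(constructed_valid_bmp()))
    print("disguised:", inspect_bmp(constructed_disguised_pe()))
```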
This malware has the capability to collect system information, copy clipboard content, and gather data from cryptocurrency wallets such as OKX Wallet and MetaMask. Winos 4.0 also allows attackers to download additional plugins from the server to capture screenshots and upload sensitive documents from the compromised system.
Fortinet notes that Winos 4.0 is a robust platform, akin to Cobalt Strike, capable of deep control over compromised systems. The attacks abuse game optimization applications to lure unsuspecting victims into downloading the malware.
Additionally, the AhnLab Security Intelligence Center (ASEC) has identified another campaign utilizing fake gambling game websites to infect users with WrnRAT malware, which can steal information and provide remote access to attackers. ASEC warns that these attackers may monitor the activities of gambling game users, leading to financial losses.
Researchers advise users to avoid downloading applications from untrustworthy sources and to remain vigilant with game optimization tools to protect personal information and prevent fraud.
Source: The Hacker News