A sophisticated campaign delivering the Winos 4.0 malware targets Windows users in Chinese-speaking environments through trojanized software installers.
The attack starts with phishing emails posing as official notifications that lead recipients to download the malicious installers.
The installers carry a multi-stage loader called Catena, which quietly stages Winos 4.0 in memory rather than dropping the final payload as an ordinary file.
Researchers trace the campaign to early 2025. Once running, Winos 4.0 establishes persistence, escalates its privileges, and beacons to command-and-control (C2) servers.
The delivery chain disables Windows Defender, uses reflective DLL injection so the payload executes without a conventional on-disk DLL load, and maintains persistence through several mechanisms.
Winos 4.0, also tracked as ValleyRAT, gives the operator remote shell access, keylogging, data exfiltration, and cryptocurrency theft.
Its encrypted C2 channel to attacker-controlled servers, combined with the emphasis on persistence, points to a shift by the Void Arachne group toward long-term espionage.
Recommended defences: install software only from vendor-official sources, keep systems patched, deploy behaviour-based threat detection (an in-memory payload defeats purely file-based scanning), and train users to recognise phishing emails.
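The following triage script turns the delivery-chain behaviours above (Defender tampering, registry and scheduled-task persistence) and the advice on threat detection into concrete host checks. It is an added example, not code from the original article or from any vendor's report, and it makes three assumptions: Microsoft Defender is the installed antivirus, the script runs in an elevated PowerShell session, and PowerShell script block logging is enabled for the final check. The "not authored by Microsoft" task filter is a noise-reduction heuristic, not a rule.

```powershell
# Added example: host triage for the Winos 4.0 delivery-chain behaviours described above.
# Assumes Microsoft Defender is installed and this runs as Administrator.

# 1. Defender state: disabled real-time protection or missing tamper protection is the first red flag.
$status = Get-MpComputerStatus
[pscustomobject]@{
    RealTimeProtection = $status.RealTimeProtectionEnabled
    AntivirusEnabled   = $status.AntivirusEnabled
    TamperProtected    = $status.IsTamperProtected
} | Format-List

# 2. Exclusions: attackers often "disable" Defender for their payload by excluding its path or process.
$pref = Get-MpPreference
"Exclusion paths:";       $pref.ExclusionPath
"Exclusion extensions:";  $pref.ExclusionExtension
"Exclusion processes:";   $pref.ExclusionProcess
"DisableRealtimeMonitoring preference: $($pref.DisableRealtimeMonitoring)"

# 3. Recent Defender configuration changes (event 5007) that touched exclusions.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5007 } `
             -MaxEvents 100 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Exclusions' } |
    Select-Object TimeCreated, Message | Format-List

# 4. Persistence: Run/RunOnce keys for the machine and the current user.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        "== $key"
        Get-ItemProperty -Path $key | Select-Object -Property * -ExcludeProperty PS* | Format-List
    }
}

# 5. Persistence: enabled scheduled tasks not authored by Microsoft (heuristic filter), with what they execute.
Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' -and $_.Author -notlike 'Microsoft*' } |
    ForEach-Object {
        [pscustomobject]@{
            Task = $_.TaskName
            Path = $_.TaskPath
            Exec = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        }
    } | Format-Table -AutoSize

# 6. If script block logging is on, surface PowerShell that modified Defender preferences (event 4104).
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
             -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Add-MpPreference|Set-MpPreference' } |
    Select-Object TimeCreated, Message | Format-List
```

Any exclusion you did not put there yourself, a Run key or task pointing into a user-writable directory, or a 5007 event close in time to an installer run is worth pulling the referenced file and process tree for; in-memory payloads will not show up in a file scan, so the checks above look for the footprints the loader leaves around the payload rather than the payload itself.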