New Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps
Nov. 6, 2024, 5:34 p.m.
Description
A command-and-control framework called Winos 4.0 is being distributed through gaming-related applications, targeting Chinese-speaking users. The malware, rebuilt from Gh0st RAT, uses a multi-stage infection process involving fake BMP files, DLLs, and shellcode. It can harvest system information, capture clipboard content, gather cryptocurrency wallet data, and enable backdoor functionality. Winos 4.0 also allows for additional plugins to capture screenshots and upload sensitive documents. The framework is considered powerful, similar to Cobalt Strike and Sliver, and exploits users' trust in game optimization tools to deploy deep system control.
Tags
Date
- Created: Nov. 6, 2024, 4:21 p.m.
- Published: Nov. 6, 2024, 4:21 p.m.
- Modified: Nov. 6, 2024, 5:34 p.m.
Attack Patterns
- Winos 4.0
- Moudoor
- Mydoor
- gh0st RAT - S0032
- Void Arachne
- T1115
- T1056.001
- T1113
- T1005
- T1547
- T1082
- T1057
- T1105
- T1071
- T1055
- T1036
- T1140
- T1132
- T1027
- T1059
Additional Informations
- Gaming
- Education
- China