New Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps

Nov. 6, 2024, 5:34 p.m.

Description

A command-and-control framework called Winos 4.0 is being distributed through gaming-related applications, targeting Chinese-speaking users. The malware, rebuilt from Gh0st RAT, uses a multi-stage infection process involving fake BMP files, DLLs, and shellcode. It can harvest system information, capture clipboard content, gather cryptocurrency wallet data, and enable backdoor functionality. Winos 4.0 also allows for additional plugins to capture screenshots and upload sensitive documents. The framework is considered powerful, similar to Cobalt Strike and Sliver, and exploits users' trust in game optimization tools to deploy deep system control.

External References

https://thehackernews.com/2024/11/new-winos-40-malware-infects-gamers.html
https://otx.alienvault.com/pulse/672b979f1d0eddf91c9a721d
Tags
gh0st rat
cryptocurrency wallets
multi-stage infection
2024-11-06
command-and-control
winos 4.0
optimization apps

Date

  • Created: Nov. 6, 2024, 4:21 p.m.
  • Published: Nov. 6, 2024, 4:21 p.m.
  • Modified: Nov. 6, 2024, 5:34 p.m.

Indicators

  • 202.79.173.4
  • ad59t82g.com
Download all indicators here!

Attack Patterns

  • Winos 4.0
  • Moudoor
  • Mydoor
  • gh0st RAT - S0032
  • Void Arachne
  • T1115
  • T1056.001
  • T1113
  • T1005
  • T1547
  • T1082
  • T1057
  • T1105
  • T1071
  • T1055
  • T1036
  • T1140
  • T1132
  • T1027
  • T1059

Additional Informations

  • Gaming
  • Education
  • China