New Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps
Nov. 6, 2024, 5:34 p.m.
Tags
External References
Description
Winos 4.0 is a command-and-control framework rebuilt from Gh0st RAT that is being distributed through gaming-related applications to Chinese-speaking users. Infection is multi-stage: a payload disguised as a BMP image is fetched first, and DLL loaders and shellcode then stage the framework on the host. Once installed it harvests system information, captures clipboard content, collects cryptocurrency wallet data and provides a backdoor; additional plugins capture screenshots and upload sensitive documents. Its capabilities are comparable to post-exploitation frameworks such as Cobalt Strike and Sliver, and the campaign relies on users' trust in game optimization tools to obtain deep control of the system.
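The description names a file disguised as a BMP image as the first stage. The page gives no detail of how Winos 4.0 encodes that payload, so what follows is an added triage example (not Fortinet's analysis and not Winos code): given bytes that arrived under a .bmp name, it checks whether they are structurally a bitmap (magic, DIB header size, pixel offset, declared file size) and whether the pixel area has the byte entropy of an uncompressed image rather than of encoded or encrypted data. All four samples are constructed inside the block from a seeded PRNG, and the 7.0 bits-per-byte threshold is an assumption to tune per environment.

```python
import math
import random
import struct
from collections import Counter
from typing import Optional

# Constructed samples (not real Winos 4.0 artefacts): a seeded PRNG stands in for an
# encoded payload body so the example runs offline and reproducibly.
_RNG = random.Random(7)


def build_bmp(width: int, height: int, pixel_data: bytes) -> bytes:
    """Wrap raw pixel bytes in a BITMAPFILEHEADER + 40-byte BITMAPINFOHEADER (24 bpp)."""
    dib = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                      len(pixel_data), 2835, 2835, 0, 0)
    pixel_offset = 14 + len(dib)
    file_header = struct.pack("<2sIHHI", b"BM", pixel_offset + len(pixel_data),
                              0, 0, pixel_offset)
    return file_header + dib + pixel_data


def bmp_header(data: bytes) -> Optional[dict]:
    """Return the file-header fields if `data` is structurally a BMP, else None."""
    if len(data) < 14 + 12:  # file header + smallest DIB header (BITMAPCOREHEADER)
        return None
    magic, file_size, _r1, _r2, pixel_offset = struct.unpack_from("<2sIHHI", data, 0)
    if magic != b"BM":
        return None
    (dib_size,) = struct.unpack_from("<I", data, 14)
    if dib_size not in (12, 40, 52, 56, 108, 124):  # known DIB header sizes
        return None
    if pixel_offset < 14 + dib_size or pixel_offset > len(data):
        return None
    return {"file_size": file_size, "dib_size": dib_size, "pixel_offset": pixel_offset}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: uncompressed bitmap pixels usually sit well below 7, ciphertext near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(data: bytes, entropy_threshold: float = 7.0) -> list:
    """Flag a supposed .bmp that does not behave like a bitmap (threshold is an assumption)."""
    findings = []
    hdr = bmp_header(data)
    if hdr is None:
        findings.append("bad_header")
        if shannon_entropy(data) >= entropy_threshold:
            findings.append("high_entropy")
        return findings
    if hdr["file_size"] != len(data):  # declared size disagrees with what was served
        findings.append("size_mismatch")
    if shannon_entropy(data[hdr["pixel_offset"]:]) >= entropy_threshold:
        findings.append("high_entropy_body")  # valid header, but the "pixels" look encoded
    return findings


# Sample 1: a genuine 2x2 red bitmap (rows padded to a 4-byte boundary).
GENUINE_BMP = build_bmp(2, 2, (b"\x00\x00\xff" * 2 + b"\x00\x00") * 2)
# Sample 2: a valid BMP header wrapped around 3 KiB of PRNG bytes, i.e. an encoded
# payload hiding behind an image header.
HEADER_ONLY_DISGUISE = build_bmp(32, 32, _RNG.randbytes(32 * 32 * 3))
# Sample 3: a non-image blob simply served under a .bmp name.
RENAMED_BLOB = b"MZ" + _RNG.randbytes(4094)
# Sample 4: a genuine bitmap with bytes appended past its declared size.
APPENDED = GENUINE_BMP + b"\x00" * 100

if __name__ == "__main__":
    for name, blob in [("genuine", GENUINE_BMP), ("disguise", HEADER_ONLY_DISGUISE),
                       ("renamed", RENAMED_BLOB), ("appended", APPENDED)]:
        print(f"{name:9s} entropy={shannon_entropy(blob):.2f} findings={triage(blob)}")
```

This is a triage filter for T1036 and T1027 style disguises, not a signature: photographic or dithered bitmaps can legitimately approach 7.5 bits per byte, and a BMP writer that leaves the declared size at zero will trip `size_mismatch`, so treat the findings as reasons to pull the file for analysis rather than as a verdict.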
Date
Published: Nov. 6, 2024, 4:21 p.m.
Created: Nov. 6, 2024, 4:21 p.m.
Modified: Nov. 6, 2024, 5:34 p.m.
Malware
Winos 4.0
Moudoor (Gh0st RAT alias)
Mydoor (Gh0st RAT alias)
gh0st RAT - S0032
Intrusion Set
Void Arachne
Attack Patterns
T1115 Clipboard Data
T1056.001 Input Capture: Keylogging
T1113 Screen Capture
T1005 Data from Local System
T1547 Boot or Logon Autostart Execution
T1082 System Information Discovery
T1057 Process Discovery
T1105 Ingress Tool Transfer
T1071 Application Layer Protocol
T1055 Process Injection
T1036 Masquerading
T1140 Deobfuscate/Decode Files or Information
T1132 Data Encoding
T1027 Obfuscated Files or Information
T1059 Command and Scripting Interpreter
Additional Information
Gaming
Education
China