
New Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps

Nov. 6, 2024, 5:34 p.m.

Description

A command-and-control framework called Winos 4.0 is being distributed through gaming-related applications (game installers, speed boosters and optimization utilities) that target Chinese-speaking users. The malware, rebuilt from Gh0st RAT, uses a multi-stage infection chain: the trojanized application retrieves a fake BMP file that is decoded into a DLL, which in turn loads shellcode and the final payload. Once running it can harvest system information, capture clipboard content, collect cryptocurrency wallet data and open a backdoor for the operator. Winos 4.0 also supports additional plugins, for example to capture screenshots and upload sensitive documents. The framework is considered comparable in capability to Cobalt Strike and Sliver, and it abuses users' trust in game optimization tools to gain deep control of the infected system.

Date

Published: Nov. 6, 2024, 4:21 p.m.

Created: Nov. 6, 2024, 4:21 p.m.

Modified: Nov. 6, 2024, 5:34 p.m.

Indicators

202.79.173.4

ad59t82g.com
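The two indicators above are only useful if they are actually matched against DNS, proxy and firewall telemetry, and a naive substring search produces both misses (defanged feeds, upper-case hostnames, subdomains of the listed domain) and false positives (202.79.173.40 contains 202.79.173.4 as a substring). The following Python is an added example, not code from this page or from the researchers who reported Winos 4.0: it refangs and classifies the page's two indicators, then scans a handful of constructed log lines (invented here, not real traffic) with boundary-aware IP and hostname matching. Log field names such as `query=` and `host=` are assumptions for the sample data.

```python
"""Hunt for the Winos 4.0 indicators published on this page in log lines."""
import ipaddress
import re

# The two indicators this page lists; the second is written defanged on
# purpose to show that the loader normalizes it. No others are added.
RAW_INDICATORS = ["202.79.173.4", "ad59t82g[.]com"]

# Constructed sample log lines (not from the page or any real capture).
# Line 1: DNS query in upper case. Line 2: proxy connection to the IP plus a
# subdomain of the listed domain. Line 3: a different IP that shares a prefix.
# Line 4: a lookalike that is not a subdomain and must not match.
SAMPLE_LOGS = [
    "2024-11-06T15:02:11Z dns client=10.0.4.23 query=AD59T82G.COM type=A",
    "2024-11-06T15:02:12Z proxy src=10.0.4.23 dst=202.79.173.4:443 host=cdn.ad59t82g.com",
    "2024-11-06T15:03:40Z proxy src=10.0.4.9 dst=202.79.173.40:80 host=example.org",
    "2024-11-06T15:04:01Z dns client=10.0.4.23 query=notad59t82g.com type=A",
]

# Dotted quad that is not part of a longer dotted/numeric run (avoids
# matching 202.79.173.4 inside 202.79.173.40 or inside 1202.79.173.4).
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# Hostname with at least one label and an alphabetic TLD, bounded on both
# sides so "notad59t82g.com" is extracted whole rather than as a suffix.
HOST_RE = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w-])", re.IGNORECASE)


def refang(ioc: str) -> str:
    """Undo the defanging conventions commonly used in published IOC lists."""
    return (ioc.strip()
               .replace("[.]", ".").replace("(.)", ".").replace("{.}", ".")
               .replace("hxxp", "http").replace("[:]", ":"))


def load_indicators(raw):
    """Split raw (possibly defanged) indicators into an IP set and a domain set."""
    ips, domains = set(), set()
    for item in raw:
        ioc = refang(item).lower()
        try:
            ips.add(str(ipaddress.ip_address(ioc)))  # canonical form, rejects non-IPs
        except ValueError:
            domains.add(ioc)
    return ips, domains


def domain_hit(host, domains):
    """Return the indicator that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for d in domains:
        if host == d or host.endswith("." + d):
            return d
    return None


def scan_logs(lines, ips, domains):
    """Return one hit record per indicator occurrence, in line order."""
    hits = []
    for n, line in enumerate(lines, 1):
        for ip in IPV4_RE.findall(line):
            if ip in ips:
                hits.append({"line": n, "kind": "ip", "indicator": ip, "token": ip})
        for host in HOST_RE.findall(line):
            d = domain_hit(host, domains)
            if d:
                hits.append({"line": n, "kind": "domain", "indicator": d, "token": host})
    return hits


if __name__ == "__main__":
    ioc_ips, ioc_domains = load_indicators(RAW_INDICATORS)
    for h in scan_logs(SAMPLE_LOGS, ioc_ips, ioc_domains):
        print(f"line {h['line']}: {h['kind']} indicator {h['indicator']} seen as {h['token']}")
```

Run against the sample data it reports three hits (lines 1 and 2) and stays silent on the shared-prefix IP and the lookalike domain. When you feed it real logs, treat the domain match as the stronger signal: a single hosting IP is often shared or rotated, whereas a subdomain of the listed C2 domain is hard to explain away.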

Attack Patterns

Winos 4.0

Moudoor

Mydoor

gh0st RAT - S0032

Void Arachne

T1115

T1056.001

T1113

T1005

T1547

T1082

T1057

T1105

T1071

T1055

T1036

T1140

T1132

T1027

T1059

Additional Information

Gaming

Education

China