⚠️Today : 0 critical vulnerabilities | 0 high vulnerabilities | 1 medium vulnerabilities | 0 low vulnerabilities - You can now download lists of IOCs here !

New Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps

Nov. 6, 2024, 5:34 p.m.

Tags
gh0st rat
cryptocurrency wallets
multi-stage infection
2024-11-06
command-and-control
winos 4.0
optimization apps
External References
Description

A command-and-control framework called Winos 4.0 is being distributed through gaming-related applications, targeting Chinese-speaking users. The malware, rebuilt from Gh0st RAT, uses a multi-stage infection process involving fake BMP files, DLLs, and shellcode. It can harvest system information, capture clipboard content, gather cryptocurrency wallet data, and enable backdoor functionality. Winos 4.0 also allows for additional plugins to capture screenshots and upload sensitive documents. The framework is considered powerful, similar to Cobalt Strike and Sliver, and exploits users' trust in game optimization tools to deploy deep system control.

Date

Published: Nov. 6, 2024, 4:21 p.m.

Created: Nov. 6, 2024, 4:21 p.m.

Modified: Nov. 6, 2024, 5:34 p.m.

Indicators

202.79.173.4

ad59t82g.com

Download all indicators here!

Attack Patterns

Winos 4.0

Moudoor

Mydoor

gh0st RAT - S0032

Void Arachne

T1115

T1056.001

T1113

T1005

T1547

T1082

T1057

T1105

T1071

T1055

T1036

T1140

T1132

T1027

T1059

Additional Informations

Gaming

Education

China