Chinese gamers implicated in Winos4.0 Framework Scam

Fortinet FortiGuard Labs researchers have issued a warning about the emergence of a sophisticated malicious framework known as Winos4.0 that is currently being distributed through various installation tools, speed boosters, and optimization utilities targeted at gaming applications. This framework, which is a revamped version of Gh0strat, comprises different modular components, each with specific functions, and has been utilized in various attack campaigns such as Silver Fox and Void Arachne.

The researchers described Winos4.0 as a highly advanced malicious framework that offers extensive functionality, a robust architecture, and effective control over numerous endpoints to carry out further malicious actions. Campaigns utilizing this framework have been previously documented by Trend Micro and the KnownSec 404 Team, primarily targeting Chinese-speaking users through the use of SEO tactics, social media platforms, and messaging apps like Telegram to distribute the malware.

When a victim unknowingly runs an application infected with Winos4.0, the malware retrieves a fake BMP file from a remote server (ad59t82g[.]com). A DLL is then extracted from that file and sets up the execution environment. The attack chain involves multiple layers of encrypted data and command-and-control (C2) communication to facilitate the injection of the malware into the system.
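For defenders, the first stage described above suggests two triage checks on download telemetry: a request to the reported domain, and a `.bmp` download that is not structurally a bitmap. The following is an added example, not code from Fortinet or from the original article; it assumes the fake BMP fails ordinary header validation (the article does not say how the file is malformed), and every hostname, path and byte string other than the reported domain is constructed.

```python
import struct

# Domain as defanged in the article; every other value below is constructed.
IOC_DOMAIN = "ad59t82g[.]com".replace("[.]", ".")
DIB_SIZES = {12, 40, 52, 56, 64, 108, 124}  # common DIB header sizes in the BMP format

def host_matches_ioc(host):
    """True for the reported domain or any subdomain of it."""
    host = host.lower().rstrip(".")
    return host == IOC_DOMAIN or host.endswith("." + IOC_DOMAIN)

def bmp_problems(data):
    """List the structural reasons `data` is not a well-formed BMP ([] means OK)."""
    if len(data) < 18:
        return ["shorter than the BMP file header"]
    magic, size, _r1, _r2, offset, dib = struct.unpack_from("<2sIHHII", data)
    problems = []
    if magic != b"BM":
        problems.append("missing BM signature")
    if size != len(data):
        problems.append("declared size differs from actual size")
    if dib not in DIB_SIZES:
        problems.append("unknown DIB header size")
    if not 14 + dib <= offset <= len(data):
        problems.append("pixel data offset out of range")
    return problems

def triage(downloads):
    """Return (url, reasons) for each download that deserves a closer look."""
    findings = []
    for host, path, body in downloads:
        reasons = ["host matches reported domain"] if host_matches_ioc(host) else []
        if path.lower().endswith(".bmp"):
            reasons += bmp_problems(body)
        if reasons:
            findings.append((host + path, reasons))
    return findings

# Constructed sample data: a valid 1x1 24-bit bitmap and an opaque 256-byte blob.
VALID_BMP = (struct.pack("<2sIHHI", b"BM", 58, 0, 0, 54)
             + struct.pack("<IiiHHIIiiII", 40, 1, 1, 1, 24, 0, 4, 2835, 2835, 0, 0)
             + b"\x00\x00\xff\x00")
OPAQUE_BLOB = bytes(range(256))
SAMPLE = [("images.example.test", "/logo.bmp", VALID_BMP),
          ("files.example.test", "/update/skin.bmp", OPAQUE_BLOB),
          ("cdn.AD59T82G.com.", "/a.bmp", OPAQUE_BLOB)]

if __name__ == "__main__":
    for url, reasons in triage(SAMPLE):
        print(url, "->", "; ".join(reasons))
```

A size mismatch alone can also come from a sloppy image encoder, so treat single findings as leads and multiple findings on one file as the stronger signal.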

The Fortinet researchers emphasized that threat actors behind these campaigns are taking advantage of game-related applications to entice victims into downloading and executing the malware without suspicion, allowing them to gain deep control over the infected system. They advised users to exercise caution when downloading any new applications and only obtain software from reputable and trusted sources to minimize the risk of falling victim to such malicious campaigns.

In conclusion, the proliferation of advanced and complex malware frameworks like Winos4.0 underscores the evolving nature of cyber threats and the importance of staying vigilant against such malicious activities. Users are encouraged to stay informed about the latest cybersecurity trends and adopt best practices to safeguard their digital assets from potential security breaches.
