Winos4.0 Malware Framework Uses Gaming Apps to Infiltrate Windows Systems | Black Hat Ethical Hacking



Hackers Deploy Winos4.0 Malware via Game-Related Apps to Target Windows Users

Cybercriminals are increasingly distributing a powerful malware framework, Winos4.0, by hiding it inside seemingly legitimate game-related apps aimed at Windows users. This post-exploitation framework, documented earlier this year by Trend Micro, mirrors frameworks such as Sliver and Cobalt Strike in its capabilities. Winos4.0 was originally pushed to Chinese users through bundled software; its operators have since adapted their approach and are using popular gaming-related downloads to spread it more widely.

Malicious files infecting users with Winos4.0
Source: Fortinet

How Winos4.0 Lures Victims Through Gaming Apps

The latest campaigns use games or game-adjacent files as bait. Once the user installs what appears to be a legitimate game or application, Winos4.0 begins its infection process by downloading a DLL from a remote server, “ad59t82g[.]com”, and setting up a multi-step attack chain.
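For the detection side, the following is an added example (not code from the article, from Fortinet, or from the malware itself) that hunts a DNS query log for lookups of the download domain named above. The log line format, the client host names and the timestamps are constructed for illustration; only the domain comes from the article. The point worth noting is the label-boundary match, which catches subdomains of the indicator without flagging unrelated names that merely contain the string.

```python
"""Hunt a DNS query log for lookups of the Winos4.0 download domain.

Added example, not code from the article or from Fortinet. The log format,
host names and timestamps below are constructed; only the indicator
ad59t82g[.]com is taken from the article.
"""
import re
from typing import Dict, Iterable, List

# Indicator as published, defanged with [.] so it is not clickable.
DEFANGED_IOCS = ["ad59t82g[.]com"]


def refang(domain: str) -> str:
    """Turn a defanged indicator ('a[.]b') back into a matchable name."""
    return domain.replace("[.]", ".").lower().rstrip(".")


def matches_ioc(fqdn: str, ioc: str) -> bool:
    """True if fqdn is the indicator itself or a subdomain of it.

    Matching on label boundaries avoids false positives such as
    'notad59t82g.com', which a plain substring test would flag.
    """
    fqdn = fqdn.lower().rstrip(".")
    return fqdn == ioc or fqdn.endswith("." + ioc)


# Constructed sample log: "<ISO timestamp> <client host> <queried name>"
SAMPLE_DNS_LOG = """\
2024-11-04T09:12:01Z WS-0142 update.microsoft.com
2024-11-04T09:12:07Z WS-0142 ad59t82g.com
2024-11-04T09:13:44Z WS-0217 cdn.ad59t82g.com
2024-11-04T09:14:02Z WS-0310 notad59t82g.com
2024-11-04T09:15:19Z WS-0142 AD59T82G.COM.
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<query>\S+)\s*$")


def find_c2_lookups(log_lines: Iterable[str],
                    defanged_iocs: Iterable[str] = DEFANGED_IOCS) -> List[Dict[str, str]]:
    """Return one record per log line whose queried name matches an indicator."""
    iocs = [refang(i) for i in defanged_iocs]
    hits: List[Dict[str, str]] = []
    for raw in log_lines:
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the hunt
        for ioc in iocs:
            if matches_ioc(m["query"], ioc):
                hits.append({"ts": m["ts"], "host": m["host"],
                             "query": m["query"], "ioc": ioc})
                break
    return hits


def hosts_to_triage(hits: List[Dict[str, str]]) -> List[str]:
    """Distinct client hosts that resolved an indicator, in first-seen order."""
    seen: List[str] = []
    for h in hits:
        if h["host"] not in seen:
            seen.append(h["host"])
    return seen


if __name__ == "__main__":
    found = find_c2_lookups(SAMPLE_DNS_LOG.splitlines())
    for h in found:
        print(f"{h['ts']} {h['host']} -> {h['query']} (matches {h['ioc']})")
    print("hosts to triage:", hosts_to_triage(found))
```

Any host that shows up in the triage list should be pulled for a closer look at its Run keys and recently written DLLs, since a lookup of the download domain precedes the rest of the chain described above.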

Malware modules added onto the Registry
Source: Fortinet

