Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT

"The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with another remote access trojan (RAT) tracked as HoldingHands RAT (aka Gh0stBins). "The campaign relied on phishing emails with PDFs that contained embedded malicious links," Pei Han Liao, researcher with Fortinet's FortiGuard Labs, said in a report shared with The Hacker News."
"Winos 4.0 is a malware family that's often spread via phishing and search engine optimization (SEO) poisoning, directing unsuspecting users to fake websites masquerading as popular software like Google Chrome, Telegram, Youdao, Sogou AI, WPS Office, and DeepSeek, among others. The use of Winos 4.0 is primarily linked to an "aggressive" Chinese cybercrime group known as Silver Fox, which is also tracked as SwimSnake, The Great Thief of Valley (or Valley Thief), UTG-Q-1000, and Void Arachne."
Threat actors behind Winos 4.0 expanded targeting from China and Taiwan to include Japan and Malaysia, deploying HoldingHands RAT (aka Gh0stBins) alongside Winos. The phishing emails carried PDFs with embedded malicious links; the PDFs masqueraded as Ministry of Finance documents and contained multiple links, one of which delivered Winos 4.0. Winos 4.0 propagation methods include phishing and SEO poisoning that steer victims to counterfeit download sites for popular software. The activity is associated with an aggressive Chinese cybercrime group tracked as Silver Fox and has involved BYOVD techniques and multi-stage infections to disable security software and deploy RATs.
Read at The Hacker News