The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with another remote access trojan (RAT) tracked as HoldingHands RAT (aka Gh0stBins). "The campaign relied on phishing emails with PDFs that contained embedded malicious links," Pei Han Liao, researcher with Fortinet's FortiGuard Labs, said in a report shared with The Hacker News.
Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking threat actor using a malware called BadIIS in attacks targeting East and Southeast Asia, particularly with a focus on Vietnam. The activity, dubbed Operation Rewrite, is being tracked by Palo Alto Networks Unit 42 under the moniker CL-UNK-1037, where "CL" stands for cluster and "UNK" refers to unknown motivation.
Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware. "The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites," Fortinet FortiGuard Labs researcher Pei Han Liao said. "By using convincing language and small character substitutions, they tricked victims into visiting spoofed pages and downloading malware."
