
This dangerous new malware attacks Windows devices by hiding inside games



  • Security researchers detect new malware framework called Winos4.0

  • Can monitor the clipboard, collect system information and more

  • Attackers appear to be targeting the education sector


Experts have detected a new malware framework targeting Windows users by hiding in games and game-related software.

A report by cybersecurity researchers FortiGuard Labs, which calls the framework “Winos4.0,” claims that hackers are advertising different installation tools, performance boosters, optimizers, and similar fake software that actually infects targets with Winos4.0, an enhanced version of Gh0strat.

Winos4.0 has the ability to monitor the clipboard, collect system information, check antivirus software, retrieve information from cryptocurrency wallet extensions, and more.

Winos4.0 attacks

Software frameworks like this can often cause a lot of damage. Compared to “simple” malware, a framework provides an environment to deploy, manage and control different malware tools and modules as part of a coordinated attack. The frameworks are modular and allow attackers to tailor and control attacks based on their goals and the responses from target systems.

When it comes to the success of the campaign and potential victims, FortiGuard Labs doesn’t go into much detail, other than that the victims are most likely from the education sector: “Analysis of the decoded DLL file reveals that the education sector was potentially targeted,” the researchers say at one point in the report, pointing to “校园政务” (Campus Management) in the file description.

In another, they identified a DLL file called “学籍系统”, which stands for “Student Registration System”. This is further evidence that attackers may be targeting educational institutions.

“Winos4.0 is a powerful framework similar to Cobalt Strike and Sliver that can support multiple functions and easily control compromised systems. Threat campaigns leverage Game-related applications to persuade the victim to carefully download and run the malware and successfully deploy in-depth control of the system,” the researchers warned. “The entire attack chain involves multiple encrypted data and multiple C2 communications to complete the injection. Users should be aware of the source of any new applications and should only download software from qualified sources.”

Via Information Security Journal
