Winos4.0 Malware Found in Game Apps, Targets Windows Users


A new malicious software framework, “Winos4.0,” has been discovered embedded in game-related applications targeting Windows users.

According to researchers at FortiGuard Labs, the framework is a sophisticated variant derived from Gh0st RAT. Winos4.0 can execute multiple actions remotely and gives attackers extensive control over affected systems.

The campaign gains initial access by distributing trojanized game-related applications, such as installation tools and performance boosters, to target devices.

Once a user installs one of these applications, it downloads a seemingly benign BMP file from a remote server; the Winos4.0 DLL is then extracted from that image and activated. The first stage prepares the environment for the additional modules that follow and establishes persistence on the infected machine by creating registry keys or scheduled tasks.
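An image that is "seemingly benign" to a user is still worth a structural check before it is allowed through. The following Python is an added example, not code from the article or from Fortinet: it builds a constructed BMP, optionally appends extra bytes after the pixel array, and then triages the file by comparing the header's declared size with the size the pixel data should occupy and by scanning for an MZ/PE signature. The article does not say how Winos4.0 packs its DLL into the BMP, so appending a payload past the declared size is an assumption made for the demo, as is the fake PE stub (it carries only the MZ and PE\0\0 markers and is not loadable).

```python
import struct

# Constructed helper formats for the demo
BMP_FILE_HEADER = "<2sIHHI"        # signature, bfSize, reserved1, reserved2, bfOffBits (14 bytes)
BMP_INFO_HEADER = "<IiiHHIIiiII"   # BITMAPINFOHEADER (40 bytes)


def build_bmp(width, height, pixels, trailer=b""):
    """Build a 24-bit uncompressed BMP from BGR triples and optionally append bytes after it.

    Appending a payload after the declared image size is an assumption for this demo;
    it is not a description of how the real sample carries its DLL.
    """
    row_stride = ((width * 3 + 3) // 4) * 4          # rows are padded to 4-byte multiples
    rows = []
    for y in range(height):
        row = b"".join(pixels[y * width + x] for x in range(width))
        rows.append(row + b"\x00" * (row_stride - width * 3))
    pixel_data = b"".join(rows)
    off_bits = 14 + 40
    declared_size = off_bits + len(pixel_data)
    file_header = struct.pack(BMP_FILE_HEADER, b"BM", declared_size, 0, 0, off_bits)
    info_header = struct.pack(BMP_INFO_HEADER, 40, width, height, 1, 24, 0,
                              len(pixel_data), 2835, 2835, 0, 0)
    return file_header + info_header + pixel_data + trailer


def fake_pe_stub(padding=64):
    """Constructed 'MZ ... PE\\0\\0' marker blob (not a real DLL) used as the demo payload."""
    dos = bytearray(b"MZ" + b"\x00" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE signature right after the DOS header
    return bytes(dos) + b"PE\x00\x00" + b"\x90" * padding


def triage_bmp(data):
    """Flag size inconsistencies and embedded executable signatures in a BMP byte string."""
    result = {"is_bmp": False, "trailing_bytes": 0, "pe_signature_at": None, "findings": []}
    if len(data) < 54 or data[:2] != b"BM":
        result["findings"].append("not a BMP (missing 'BM' signature or too short)")
        return result
    result["is_bmp"] = True
    _, declared_size, _, _, off_bits = struct.unpack_from(BMP_FILE_HEADER, data, 0)
    bi_size, width, height, _, bpp, compression, image_size = struct.unpack_from("<IiiHHII", data, 14)

    # Where the pixel array should end according to the headers
    if compression == 0:
        row_stride = ((abs(width) * bpp + 31) // 32) * 4
        expected_end = off_bits + row_stride * abs(height)
    else:
        expected_end = off_bits + image_size
    if declared_size != expected_end:
        result["findings"].append(f"bfSize {declared_size} != pixel data end {expected_end}")

    # Anything beyond both the declared size and the computed pixel end is appended data
    trailing = len(data) - max(declared_size, expected_end)
    if trailing > 0:
        result["trailing_bytes"] = trailing
        result["findings"].append(f"{trailing} bytes appended after the image")

    # An 'MZ' followed by a valid e_lfanew -> 'PE\0\0' is a strong sign of an embedded PE image
    idx = data.find(b"MZ", 14 + bi_size)
    while idx != -1:
        if len(data) >= idx + 0x40:
            e_lfanew = struct.unpack_from("<I", data, idx + 0x3C)[0]
            if data[idx + e_lfanew: idx + e_lfanew + 4] == b"PE\x00\x00":
                result["pe_signature_at"] = idx
                result["findings"].append(f"PE image embedded at offset {idx}")
                break
        idx = data.find(b"MZ", idx + 1)
    return result


if __name__ == "__main__":
    red = [b"\x00\x00\xff"] * 4                       # 2x2 red image, BGR order
    print(triage_bmp(build_bmp(2, 2, red)))
    print(triage_bmp(build_bmp(2, 2, red, trailer=fake_pe_stub())))
```

The MZ/PE check deliberately requires the e_lfanew pointer to resolve to a PE signature, so random pixel bytes that happen to spell "MZ" are not reported. A sample that XORs or otherwise encodes its DLL inside the pixel array would pass this check, so treat a clean result as "no obvious appended executable", not as proof the image is harmless.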

Winos4.0’s Advanced Capabilities and Security Threats

In the following stages, the framework decodes hidden files to inject shellcode and loads the modules it needs to control compromised systems. Key functions include clipboard monitoring, system information gathering, and checks for installed antivirus products, crypto-wallet browser extensions and other security applications.

This sophisticated framework also targets educational organizations, with file descriptions indicating a possible focus on “Campus Administration” functions.


Further analysis shows that Winos4.0 communicates with command-and-control (C2) servers to download encrypted modules. It reads the C2 server addresses from specific registry keys, which it uses to check in with the server and maintain connectivity.

This connection allows the malware to receive commands and download modules to perform actions such as document management, screen capture and environment monitoring, among other surveillance functions.
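Both the persistence mechanism described earlier (registry keys or scheduled tasks) and the C2 addresses kept in the registry leave traces a responder can hunt for in an exported registry hive. The following Python is an added example, not code from the article or from Fortinet: it parses a `.reg` text export and flags two things, autorun entries that launch from user-writable locations or via `rundll32`/`regsvr32`, and string values that look like an `IPv4:port` endpoint. The sample export, the key paths and the `203.0.113.10:8080` endpoint are constructed placeholders; the article does not name the registry locations Winos4.0 actually uses.

```python
import re

# Constructed .reg export for the demo. Key paths and values are invented placeholders,
# not the registry locations the real sample uses.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"Updater"="rundll32.exe C:\\Users\\Public\\Libs\\upd.dll,Start"

[HKEY_CURRENT_USER\Software\ExampleGameBooster\Config]
"Version"="1.0.3"
"Server"="203.0.113.10:8080"
'''

REG_KEY_RE = re.compile(r'^\[(.+)\]$')
REG_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')
ENDPOINT_RE = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}:\d{1,5}\b')
RUN_KEY_RE = re.compile(r'\\CurrentVersion\\Run(?:Once)?$', re.IGNORECASE)
SUSPICIOUS_LAUNCH_RE = re.compile(
    r'(\\Users\\Public\\|\\AppData\\Local\\Temp\\|\\ProgramData\\|rundll32|regsvr32)',
    re.IGNORECASE,
)


def parse_reg(text):
    """Return (key, value_name, string_value) tuples for REG_SZ entries in a .reg export.

    dword:/hex: values are skipped; hex-encoded strings would need separate decoding.
    """
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = REG_VALUE_RE.match(line)
        if m and key is not None:
            name = m.group(1) if m.group(1) is not None else "(Default)"
            rhs = m.group(2)
            if len(rhs) >= 2 and rhs.startswith('"') and rhs.endswith('"'):
                value = re.sub(r'\\(.)', r'\1', rhs[1:-1])   # undo .reg escaping of \\ and \"
                entries.append((key, name, value))
    return entries


def hunt(entries):
    """Apply the two hunting rules and return (rule, key, name, value) hits."""
    hits = []
    for key, name, value in entries:
        if RUN_KEY_RE.search(key) and SUSPICIOUS_LAUNCH_RE.search(value):
            hits.append(("autorun", key, name, value))
        if ENDPOINT_RE.search(value):
            hits.append(("endpoint", key, name, value))
    return hits


if __name__ == "__main__":
    for hit in hunt(parse_reg(SAMPLE_REG)):
        print(hit)
```

On a live host the same rules apply to `reg export HKCU out.reg` output, and the autorun rule should be paired with a look at `schtasks /query /xml` for the scheduled-task variant the article mentions. The endpoint regex only catches literal `IPv4:port` strings; a C2 address stored as a hostname or in an encoded binary value will not match, so treat the rule as a starting point rather than a complete detection.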

“Winos4.0 is a powerful framework, similar to Cobalt Strike and Sliver, that can support multiple functions and easily control compromised systems,” Fortinet warned.

“The entire attack chain involves multiple encrypted data and lots of C2 communication to complete the injection. Users should be aware of any new application’s source and only download the software from qualified sources.”
