Hackread reports that Windows systems have been targeted with the new sophisticated Winos4.0 malware framework via fake game-related apps, such as speed boosters, installation utilities, and optimization tools.
Attacks involving Winos4.0, which resembles Sliver and Cobalt Strike, begin with the retrieval of a bogus BMP file from which the "you.dll" file is eventually extracted. That DLL downloads additional files that install API-loading shellcode and launch a further DLL responsible for restarting after crashes, recording clipboard content, gathering system information, and monitoring crypto wallet extensions and antivirus apps, according to a report from Fortinet's FortiGuard Labs. Based on the Chinese remote access trojan Gh0stRat, the Winos4.0 framework also has advanced modular capabilities that could enable device takeovers. Organizations have been urged to prevent app downloads on workstations, while users have been advised to avoid third-party app store downloads and to conduct regular device scans after downloading new files.
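As an added defender-side example (not code from the Hackread or FortiGuard reports), the check below inspects a file that claims to be a BMP for the two traces an image-masquerading dropper leaves: a declared size that does not match the file's real length, and an embedded PE image hidden after the pixel data. The sample file is constructed inline; that the bogus BMP carries you.dll as an appended PE image is an assumption, since the reports only say the DLL is extracted from it.

```python
import struct
from typing import List

def build_sample() -> bytes:
    """Constructed sample: a valid 1x1 BMP followed by an appended PE-like blob.
    The blob is an "MZ" DOS stub whose e_lfanew points at a "PE\\0\\0" signature.
    It imitates an image carrying an embedded DLL; it is not a real Winos4.0 file."""
    pixel_offset = 54
    pixel_data = b"\x00\x00\xff\x00"          # one 24-bit BGR pixel plus row padding
    bmp_size = pixel_offset + len(pixel_data)  # size the header *claims* (no payload)
    header = b"BM" + struct.pack("<IHHI", bmp_size, 0, 0, pixel_offset)
    dib = struct.pack("<IiiHHIIiiII", 40, 1, 1, 1, 24, 0, len(pixel_data),
                      2835, 2835, 0, 0)
    payload = (b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)   # e_lfanew = 64
               + b"PE\x00\x00" + b"\x90" * 16)
    return header + dib + pixel_data + payload

def inspect_bmp(data: bytes) -> List[str]:
    """Return heuristic findings for a file that claims to be a BMP image."""
    findings = []
    if len(data) < 54 or data[:2] != b"BM":
        findings.append("missing BMP magic")
        return findings
    declared_size, _, _, pixel_offset = struct.unpack_from("<IHHI", data, 2)
    if declared_size != len(data):
        findings.append(
            f"declared size {declared_size} != actual {len(data)} (trailing data)")
    # Look for a DOS header after the 14-byte file header; confirm it by
    # following e_lfanew (offset 60 in the DOS header) to a PE signature.
    pos = data.find(b"MZ", 14)
    while pos != -1:
        if pos + 64 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 60)[0]
            if data[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\x00\x00":
                findings.append(f"embedded PE image at offset {pos}")
                break
        pos = data.find(b"MZ", pos + 1)
    return findings

if __name__ == "__main__":
    for finding in inspect_bmp(build_sample()):
        print(finding)
```

A clean BMP produces no findings; either finding alone is worth quarantining a freshly downloaded "image" for closer analysis.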