Malware, Application security

Bogus game-related apps leveraged for new Winos4.0 malware deployment

Hackread reports that Windows systems have been targeted with the new sophisticated Winos4.0 malware framework via fake game-related apps, such as speed boosters, installation utilities, and optimization tools.

According to a report from Fortinet's FortiGuard Labs, attacks involving Winos4.0, which resembles Sliver and Cobalt Strike, commence with the retrieval of a bogus BMP file and the eventual extraction of the "you.dll" file. That file downloads additional files to facilitate the installation of API-loading shellcode and the launching of a DLL file that facilitates crash restarts, clipboard content recording, system information gathering, and the monitoring of crypto wallet extensions and antivirus apps.

Based on the Chinese remote access trojan Gh0stRat, the Winos4.0 framework also has advanced modularity capabilities that could enable device takeovers. Organizations have been urged to prevent app downloads on workstations, while users have been advised to avoid third-party app store downloads and conduct regular device scans following new file downloads.
