This dangerous new malware is hitting Windows devices by hiding in games

Some performance boosters and optimizers are hiding a terrible secret

Experts have detected a new malicious software framework targeting Windows users by hiding in games and game-related software.

A report from cybersecurity researchers FortiGuard Labs, which named the framework “Winos4.0”, claims hackers have been advertising different installation tools, performance boosters, optimizers, and similar fake software that actually infects the targets with Winos4.0, an advanced version of Gh0strat.

Winos4.0 is capable of monitoring the clipboard, gathering system information, checking for antivirus software, grabbing information from cryptocurrency wallet extensions, and more.

Winos4.0 attacks

Software frameworks such as this one are generally capable of causing far more damage than a single piece of malware. Compared to “simple” malware, a framework provides an environment for deploying, managing, and controlling different malware tools and modules as part of a coordinated attack. Because frameworks are modular, attackers can tailor and control an intrusion based on their objectives and on the responses they get from target systems.

When it comes to the campaign’s success and potential victims, FortiGuard Labs does not go into much detail, aside from noting that the victims were most likely in the education sector: “Analysis of the decoded DLL file reveals a potential targeting of the education sector, as indicated by its file description, ‘校园政务’ (Campus Administration),” the researchers said at one point in the report.

In another, they described a DLL file named “学籍系统,” meaning “Student Registration System,” another piece of evidence suggesting that the attackers could be targeting educational organizations.

“Winos4.0 is a powerful framework, similar to Cobalt Strike and Sliver, that can support multiple functions and easily control compromised systems. Threat campaigns leverage Game-related applications to lure a victim to download and execute the malware without caution and successfully deploy deep control of the system,” the researchers warned. “The entire attack chain involves multiple encrypted data and lots of C2 communication to complete the injection. Users should be aware of any new application’s source and only download the software from qualified sources.”


Via Infosecurity Magazine

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.