{"id":6128,"date":"2024-11-06T16:32:37","date_gmt":"2024-11-06T22:32:37","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/chinese-gamers-targeted-winos40-framework-scam"},"modified":"2024-11-06T16:32:37","modified_gmt":"2024-11-06T22:32:37","slug":"chinese-gamers-targeted-in-winos4-0-framework-scam","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/11\/06\/chinese-gamers-targeted-in-winos4-0-framework-scam\/","title":{"rendered":"Chinese Gamers Targeted in Winos4.0 Framework Scam"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

Researchers are warning of an advanced malicious framework called Winos4.0 that’s getting distributed in the installation tools, speed boosters, and optimization utilities for gaming applications.<\/span><\/p>\n

The framework is rebuilt from Gh0strat with several modular components, each of them handling different functions; the framework has been deployed in several attack campaigns such as Silver Fox and Void Arachne.<\/span><\/p>\n

“Winos4.0 is an advanced malicious framework that o\ufb00ers comprehensive functionality, a stable architecture, and efficient control over numerous online endpoints to execute further actions,” Fortinet FortiGuard Labs researchers stated.<\/span><\/p>\n

The campaigns using this framework have been previously documented by Trend Micro and the KnownSec 404 Team and have been observed targeting Chinese-speaking users, leveraging SEO tactics, social media, and <\/span>messaging platforms like Telegram<\/a><\/span> to distribute the malware.<\/span><\/p>\n

Once the victim runs the application, it retrieves a fake BMP file from the server ad59t82g[.]com. The file then extracts the DLL, which is responsible for setting up the execution environment, according to the researchers.<\/span><\/p>\n

The attack chain involves multiple encrypted data and C2 communication to complete the injection of the malware.<\/span><\/p>\n

“Threat campaigns leverage game-related applications to lure a victim to download and execute the malware without caution and successfully deploy deep control of the system,” <\/span>the Fortinet researchers added<\/a><\/span>. Users should be wary of any new applications’ source and only download software from reputable sources.<\/span><\/p>\n

Don’t miss the latest <\/span><\/span>Dark Reading Confidential podcast<\/a><\/span>, <\/span><\/span>where we talk about NIST’s post-quantum cryptography standards and what comes next for cybersecurity practitioners. Guests from General Dynamics Information Technology (GDIT) and Carnegie Mellon University break it all down. <\/span><\/span>Listen now!<\/a><\/span><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Researchers are warning of an advanced malicious framework called Winos4.0<\/p>\n","protected":false},"author":12,"featured_media":6129,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-6128","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinese-gamers-targeted-in-winos4-0-framework-scam-scaled.jpg?fit=2560%2C1440&ssl=1",2560,1440,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinese-gamers-targeted-in-winos4-0-framework-scam-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinese-gamers-targeted-in-winos4-0-framework-scam-scaled.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinese-gamers-targeted-in-winos4-0-framework-scam-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinese-gamers-targeted-in-winos4-0-framework-scam-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinese-gamers-targeted-in-winos4-0-framework-scam-scaled.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinese-gamers-targeted-in-winos4-0-framework-scam-scaled.jpg?fit=2048%2C1152&ssl=1",2048,1152,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinese-gamers-targeted-in-winos4-0-framework-scam-scaled.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinese-gamers-targeted-in-winos4-0-framework-scam-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinese-gamers-targeted-in-winos4-0-framework-scam-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/chinese-gamers-targeted-in-winos4-0-framework-scam-scaled.jpg?fit=2560%2C1440&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6128","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=6128"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6128\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/6129"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=6128"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=6128"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=6128"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}