New Malware Hiding in Gaming Apps, Targeting Windows Users
In a Rush? Here are the Quick Facts!
- Winos4.0 malware can take over infected computers for further attacks.
- Winos4.0 includes multiple components for controlling infected systems effectively.
- The malware may be targeting the education sector.
Fortinet’s FortiGuard Labs recently discovered a new cybersecurity threat that targets Microsoft Windows users through fake gaming apps. This advanced malware, named Winos4.0, can take control of infected computers and perform a range of harmful actions.
Hidden inside seemingly harmless gaming-related applications like installation tools, speed boosters, and optimization utilities, this malware puts users at risk.
Winos4.0 is built on a previous malware framework called Gh0strat and is designed to be versatile and stable. It contains multiple components that allow it to carry out a variety of tasks, making it particularly dangerous.
Fortinet researchers believe the malware may be targeting sectors like education, based on a file description found in its code labeled “校园政务” (Campus Administration).
Once downloaded, the malware installs itself and begins a multi-stage attack. It starts by retrieving a file from a remote server, decoding it, and executing specific functions that allow it to download more malicious files.
These files then load and perform tasks like recording clipboard content, tracking system information, checking for crypto wallets, and avoiding detection by antivirus software.
This malware communicates with its control server, known as a “C2 server,” through encrypted data exchanges. It frequently checks in with this server to receive new instructions, ensuring it remains active and ready for further actions.
Fortinet advises users to download software only from trusted sources to avoid falling victim to this threat. This discovery highlights the importance of caution when downloading new applications, particularly in areas like gaming, where these threats are increasingly hidden.