Winos 4.0 Campaign Expands Across Regions with New Malware

FortiGuard Labs has uncovered a sophisticated cross-regional campaign by the threat actors behind Winos 4.0, which initially targeted users with phishing PDFs disguised as official documents. The campaign has since evolved, using custom domains and multi-stage loaders to deliver the HoldingHands payload. The malware employs DLL sideloading and privilege escalation techniques, making detection challenging. The latest variant includes a new C2 task that updates the server IP address via a registry entry, showcasing the group's growing sophistication. Analysts have linked the infrastructure to new campaigns, highlighting the threat actors' reliance on phishing lures and layered evasion tactics.

Latest mentioned: 10-20
Earliest mentioned: 10-18