A threat group tracked as Void Arachne is targeting Chinese-speaking users with a malware campaign. The group distributes trojanized installers that impersonate legitimate installers for popular applications. These installers carry Winos malware, which gives the attackers remote control of infected devices. Two main distribution methods are used: SEO poisoning and popular social media platforms such as Telegram.
The malware collects a significant amount of data from infected machines, including the IP address, computer name, antivirus software, operating system details, and hardware ID. It also targets specific antivirus processes in an attempt to avoid detection. Additionally, the malware can capture screenshots, clear system logs, and execute commands received from the attacker’s control server.
One concerning aspect of this campaign is the use of malicious software disguised as “nudifier” applications. These applications claim to use artificial intelligence to generate nude photos or videos of people. Nudifier apps are often used in sextortion schemes, where attackers threaten to release the fake nude photos or videos unless the victim pays them money.
This campaign highlights the dangers of downloading software from untrusted sources. Users should be cautious when clicking links or downloading files from unknown websites or social media channels, obtain software only from trusted sources, and verify the legitimacy of any installer before running it.