
Winos 4.0 Malware Targets Taiwanese Firms

February 28, 2025

A new malware campaign has targeted companies in Taiwan with the Winos 4.0 variant, distributed through phishing emails. The malicious emails, disguised as official correspondence from Taiwan’s National Taxation Bureau, instruct recipients to download an attachment purportedly containing a list of enterprises due for tax inspection. However, the file is a ZIP archive that holds a malicious DLL file, “lastbld2Base.dll,” which facilitates the next stage of the attack by deploying shellcode. This code connects to a remote server, ultimately installing the Winos 4.0 malware and enabling the theft of sensitive data from the infected system.
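The delivery stage described above can be caught at the mail gateway by inspecting ZIP attachments for Windows executables before they reach the user. The following is an added example, not part of the original alert: the function names and the sample archive are assumptions made for illustration, and the only value taken from the alert is the DLL file name.

```python
import io
import zipfile

# File name taken from the alert; compared case-insensitively on the base name.
KNOWN_BAD_NAMES = {"lastbld2base.dll"}
PE_EXTENSIONS = (".dll", ".exe", ".scr", ".cpl")


def triage_zip(data: bytes) -> list:
    """Return one finding per archive member that looks like a Windows PE file."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
            reasons = []
            try:
                with archive.open(info) as member:
                    magic = member.read(2)
            except RuntimeError:
                # zipfile raises RuntimeError for password-protected members.
                magic = b""
                reasons.append("encrypted")
            if magic == b"MZ":  # DOS/PE header, checked regardless of extension
                reasons.append("pe-magic")
            if base.endswith(PE_EXTENSIONS):
                reasons.append("pe-extension")
            if base in KNOWN_BAD_NAMES:
                reasons.append("name-from-alert")
            if reasons:
                findings.append({"member": info.filename, "reasons": reasons})
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive with harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("inspection_list.txt", "constructed decoy text")
        archive.writestr("docs/lastbld2Base.dll", b"MZ" + b"\x00" * 62)
        archive.writestr("report.pdf", b"MZ" + b"\x00" * 62)  # PE header behind a document extension
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

A file name is trivial for an attacker to change, so the header and extension checks carry the detection; the name match only adds context for this campaign.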

The Winos 4.0 malware is equipped with multiple capabilities to monitor and steal information.

It can capture screenshots, log keystrokes, manipulate clipboard content, and monitor connected USB devices. Furthermore, it enables the execution of sensitive commands like cmd.exe, even bypassing security prompts from specific security software. Researchers have also noted that a secondary attack chain was detected, where the malware downloads additional modules capable of capturing screenshots from messaging apps like WeChat and from online banking sites.

This attack campaign has been attributed to the cyber group known as Silver Fox. Winos 4.0 is a variation of Gh0st RAT, an open-source remote access Trojan (RAT) originally developed in China, and it is also connected to another remote access tool, ValleyRAT, which shares a similar origin. The campaign involves multiple malicious tools, including the CleverSoar installer, which checks the system’s language before continuing the infection.

This language-based check suggests that the primary targets of the attack are users in Chinese- and Vietnamese-speaking regions.

The Silver Fox group, responsible for the Winos 4.0 malware, has also been linked to a series of other cyberattacks, including one involving trojanized Philips DICOM viewers. This campaign utilizes the viewer to deploy the ValleyRAT backdoor, which is followed by the installation of a keylogger and cryptocurrency miner on the victim’s computer. The use of the trojanized DICOM viewers is a strategic move to infect systems, while the keylogger enables the theft of credentials and personal data, and the crypto miner exploits system resources for financial gain.
