
Attacks with Winos 4.0 malware hit Taiwan


Taiwanese firms have been compromised with the Winos 4.0 malware in a phishing attack campaign involving the spoofing of the country's National Taxation Bureau, according to The Hacker News.

Attacks were initiated with malicious emails that purported to be a tax inspection schedule and included a ZIP file containing a malicious DLL, which eventually leads to the installation of a Winos 4.0 module, a report from Fortinet FortiGuard Labs showed.

While the Winos 4.0 login module enabled keystroke logging, screenshot capturing, clipboard content modification, monitoring of connected USB devices, and execution of shellcode and sensitive actions, a separate online module was observed by researchers to have obtained WeChat and online bank screenshots.

Winos 4.0 malware and the similar ValleyRAT payload were noted by Forescout Vedere Labs Head of Security Research Daniel dos Santos to be Gh0st RAT iterations linked to the Silver Fox APT operation.

Aside from recently deploying ValleyRAT through trojanized Philips DICOM viewer instances, Silver RAT was also reported to have exploited vulnerable TrueSight driver versions to obscure malicious activity.
