The threat actors behind the Winos 4.0 malware family, also referred to as ValleyRAT, have extended their targeting to Japan and Malaysia, a significant expansion of their operations. Alongside this expansion, they are deploying a new remote access trojan (RAT) named HoldingHands RAT, also known as Gh0stBins. The move marks a strategic shift toward regions that may previously have been less affected.
The campaign uses phishing emails carrying PDFs with embedded malicious links, which serve as the entry point for malware installation. According to Pei Han Liao, a researcher at Fortinet’s FortiGuard, this method is a common technique for distributing malware and reflects the evolving tactics of cybercriminals. These changes in targeting and method highlight the ongoing threat posed by this malware family and raise concerns for organizations in the newly targeted regions.
👉 Read the original: The Hacker News