New Winos4.0 Malware Targets Windows Users Through Game Apps, Gains Persistent Access

Updated on November 8, 2024


A new malware framework, dubbed Winos4.0, has been identified by FortiGuard Labs as an advanced evolution of the well-known Gh0st RAT remote access trojan.

Winos4.0 is in active use in ongoing campaigns and is distributed inside game-related applications, including installation tools and performance-tuning utilities. Once run, it gives the attacker full control of the compromised device, including the ability to monitor the user's activity.

Once a user installs one of these trojanized applications, the malware retrieves a seemingly harmless BMP image from a remote server; that file carries the next stage and starts a multi-step infection chain.

The chain ends with the execution of "libcef.dll", the main malicious component, which drops shellcode and establishes a connection to the command-and-control (C2) server.


From that point the C2 server operates the malware remotely, pushing down encoded modules for data theft, clipboard monitoring and system reconnaissance.

File names observed in the campaign, such as "Student Registration System", suggest that the operators have a particular interest in the education sector.

Winos4.0 maintains persistence on infected devices by creating scheduled tasks and modifying the registry so that it is relaunched automatically. It also stores its C2 configuration in registry keys, which the running components read in order to reach the server and receive commands.


Users should therefore download software only from trusted sources, run a reputable antivirus product with real-time protection enabled, and watch for unexplained changes on the system, in particular newly created scheduled tasks and new registry entries, above all under the autorun (Run/RunOnce) keys.
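The two persistence techniques named above, a newly created scheduled task and a new autorun registry entry, are both visible in standard Windows telemetry: Security Event 4698 (a scheduled task was created, requires the "Audit Other Object Access Events" policy) and Sysmon Event 13 (registry value set, requires a Sysmon rule covering the Run keys). The script below is an added example, not code from the article or from FortiGuard Labs. It runs simple hunting heuristics over a constructed JSON-lines export of such events; the field names, file paths, task names and thresholds are assumptions for illustration and are not published Winos4.0 indicators.

```python
"""Flag scheduled-task and Run-key persistence in exported Windows events.

Added example (not from the article or FortiGuard). The records in
SAMPLE_EVENTS are constructed to resemble Windows Security Event 4698
(scheduled task created) and Sysmon Event 13 (registry value set) after a
log forwarder has flattened them to JSON lines; field names, paths and the
heuristics are assumptions, not published Winos4.0 indicators.
"""
import json
import re
from typing import Optional

# Autorun locations that commodity malware commonly writes to.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\",
    re.IGNORECASE,
)
# Locations a standard user can write to; legitimate scheduled tasks rarely
# execute payloads from here.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE
)
# Signed Windows binaries frequently abused to load a malicious DLL.
DLL_LOADER_RE = re.compile(r"\b(rundll32|regsvr32)(\.exe)?\b", re.IGNORECASE)


def task_action_reasons(command: str, arguments: str) -> list:
    """Reasons a scheduled-task action looks like a persistence mechanism."""
    reasons = []
    full = f"{command} {arguments}"
    if USER_WRITABLE_RE.search(full):
        reasons.append("task executes from a user-writable path")
    if DLL_LOADER_RE.search(command) and re.search(r"\.dll\b", arguments, re.IGNORECASE):
        reasons.append("task loads a DLL through rundll32/regsvr32")
    return reasons


def analyse_event(event: dict) -> Optional[dict]:
    """Return a finding for one event record, or None if nothing stands out."""
    event_id = event.get("EventID")
    if event_id == 4698:  # Security log: a scheduled task was created
        command = event.get("TaskCommand", "")
        arguments = event.get("TaskArguments", "")
        reasons = task_action_reasons(command, arguments)
        if reasons:
            return {"source": "scheduled_task", "name": event.get("TaskName", ""),
                    "command": f"{command} {arguments}".strip(), "reasons": reasons}
    elif event_id == 13 and event.get("EventType") == "SetValue":  # Sysmon: registry value set
        target = event.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            details = event.get("Details", "")
            reasons = ["new autorun entry under a Run/RunOnce key"]
            if USER_WRITABLE_RE.search(details):
                reasons.append("autorun target is in a user-writable path")
            return {"source": "registry_run_key", "name": target,
                    "command": details, "reasons": reasons}
    return None


def hunt(jsonl: str) -> list:
    """Run analyse_event over JSON-lines input and collect the findings."""
    findings = []
    for line in jsonl.splitlines():
        if line.strip():
            finding = analyse_event(json.loads(line))
            if finding:
                findings.append(finding)
    return findings


# Constructed sample export: one benign task, one suspicious task, one Run-key
# write, one unrelated registry write. The "libcef.dll" name comes from the
# article; the path and the "Start" export are invented for the sample.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"EventID": 4698, "TaskName": r"\Microsoft\Windows\Defrag\ScheduledDefrag",
     "TaskCommand": r"C:\Windows\System32\defrag.exe", "TaskArguments": "-c -h -o"},
    {"EventID": 4698, "TaskName": r"\UpdateCheck",
     "TaskCommand": r"C:\Windows\System32\rundll32.exe",
     "TaskArguments": r"C:\Users\alice\AppData\Roaming\Tuner\libcef.dll,Start"},
    {"EventID": 13, "EventType": "SetValue",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Tuner",
     "Details": r"C:\Users\alice\AppData\Local\Tuner\loader.exe"},
    {"EventID": 13, "EventType": "SetValue",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Domain",
     "Details": "corp.example"},
])

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(f"[{finding['source']}] {finding['name']}")
        print(f"    {finding['command']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

On the constructed sample the script reports the rundll32 task and the Run-key write and stays silent on the defrag task and the TCP/IP parameter change. The heuristics are deliberately coarse: a task that loads a DLL from a user profile directory is not proof of infection, but on a managed endpoint it is rare enough to be worth a look, and the same two event sources would have recorded a Winos4.0-style installation regardless of which task or value name the dropper chose.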

A framework this elaborate shows why endpoint monitoring and protective controls are essential.

Hafsa Tahir