Network Security, Threat Intelligence, Malware

Malicious installers used in novel Void Arachne attacks


Malicious MSI installers containing artificial intelligence tools, VPN clients, and Chinese language packs have been utilized by the new Void Arachne threat operation to target Chinese-speaking users with the Winos 4.0 backdoor, reports The Cyber Express.

Numerous techniques — including search engine optimization poisoning, VPN targeting, deepfake pornography, face and voice swapping apps, and Telegram channels — have been leveraged by Void Arachne to spread the installers, which, when executed, decrypt malware configurations to install the Winos 4.0 payload, a Trend Micro report revealed.

Aside from enabling distributed denial-of-service attacks, keylogging, remote access, and webcam and microphone takeovers, Winos 4.0 also allows file searches, process injection, registry checks, and other reconnaissance efforts, according to researchers, who noted that the backdoor receives additional plugins and modules upon connecting with a command-and-control server.

Such a campaign has prompted worries about the misuse of AI after attackers touted AI technologies for virtual kidnapping.
