Behind the Great Wall Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 CC Framework
Essential information
- Published
- 19/06/2024 11:37
- Modified
- 19/06/2024 12:10
- Tags
- 2024-06-19 backdoor chinese malware seo poisoning social engineering winos
- Related entities
- 1 vulnerabilities (cve), 46 observables, 1 intrusion sets (apt), 2 techniques (mitre), 1 malware, 1 others
Description
Trend Micro recently discovered a threat actor group dubbed Void Arachne targeting Chinese-speaking users with malicious Windows Installer (MSI) files containing legitimate software bundled with malicious Winos payloads. The campaign promotes compromised MSI files embedded with nudifiers, deepfake pornography-generating software, and AI voice and facial technologies. It uses SEO poisoning, social media, and messaging platforms for malware distribution. The malware installs a Winos backdoor during installation, leading to potential system compromise. Void Arachne exploits heightened public interest in software circumventing China's Great Firewall and online censorship.