Way back in the mists of time when I played games on my Amiga with pirated floppies, viruses were very much part of the life of the average gamer. Everything changes yet stays the same. Except now it’s gamers using the Microsoft Windows platform being targeted by hackers who want to do a lot more than display some 3D bouncing balls and call you rude names. Welcome to the world of Winos4.0 and threat actors targeting gamers in their quest for machine domination.
Windows Gamers Targeted By Winos4.0 Hackers
Security researchers working at FortiGuard Labs have published a new analysis of threat actors hiding Winos4.0 malware within gaming-related applications, installers, optimization utilities and speed boosters, targeting Microsoft Windows gamers. Not that Windows gamers are ignored by threat actors ordinarily, as a recent threat targeting Nvidia users demonstrated, but the Winos4.0 campaign is particularly complex and dangerous.
The Winos4.0 malware is best described as a malicious framework, and a pretty advanced one at that. It wraps up comprehensive functionality with a highly stable architecture and a whole bunch of effective online endpoint controls. Built out of the ashes of another malware framework called Gh0strat, Winos4.0 is a very real and present danger to Windows gamers that allows a successful attacker to take control of their system. It’s a lot like Cobalt Strike in that Winos4.0 can support a myriad of functions to make controlling a targeted computer easy.
Once the infected application is installed by the user on their Windows system, a fake bitmap image file is retrieved from a server which then extracts a dynamic link library that gets loaded. “Threat campaigns leverage game-related applications to lure a victim to download and execute the malware without caution,” the FortiGuard report warned, “and successfully deploy deep control of the system.”
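A defender-side illustration of the infection step described above: a fake bitmap is fetched and a DLL is carved out of it. The script below is an added example, not code from FortiGuard or from the article, and it assumes the simplest case, a raw PE image stored inside a file that carries a BMP header. It checks two things a practitioner would check on a downloaded “image”: whether the BMP header’s declared size and pixel offset agree with the actual bytes, and whether an `MZ` DOS header whose `e_lfanew` points at a `PE\0\0` signature is present anywhere in the file. Both sample files are constructed inline. Real samples may encrypt or encode the payload, in which case the signature scan alone will miss it and the size mismatch or an entropy check is the more useful signal.

```python
import struct


def make_bmp(width: int, height: int, bgr: tuple) -> bytes:
    """Build a minimal uncompressed 24-bit BMP of one colour (constructed sample input)."""
    row_bytes = (width * 3 + 3) & ~3  # BMP rows are padded to 4-byte boundaries
    pixel_data = (bytes(bgr) * width).ljust(row_bytes, b"\x00") * height
    dib = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                      len(pixel_data), 2835, 2835, 0, 0)
    pixel_offset = 14 + len(dib)
    file_size = pixel_offset + len(pixel_data)
    header = b"BM" + struct.pack("<IHHI", file_size, 0, 0, pixel_offset)
    return header + dib + pixel_data


def make_pe_stub() -> bytes:
    """Minimal bytes shaped like a PE image: DOS header whose e_lfanew points at 'PE\\0\\0'.
    This is a constructed stand-in for a carried DLL, not a real binary."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: NT headers follow the DOS header
    return bytes(dos) + b"PE\x00\x00" + bytes(20)  # signature + zeroed IMAGE_FILE_HEADER


def patch_declared_size(data: bytes) -> bytes:
    """Rewrite the BMP size field so it matches the real length (what an attacker might do)."""
    return data[:2] + struct.pack("<I", len(data)) + data[6:]


def bmp_header_is_consistent(data: bytes) -> bool:
    """True if the BMP header's declared size and pixel offset agree with the file."""
    if len(data) < 14 or data[:2] != b"BM":
        return False
    declared_size = struct.unpack_from("<I", data, 2)[0]
    pixel_offset = struct.unpack_from("<I", data, 10)[0]
    return declared_size == len(data) and 14 <= pixel_offset <= len(data)


def find_embedded_pe(data: bytes):
    """Return the offset of an embedded PE image, or None.
    A bare 'MZ' is not enough (it can occur in pixel data); the e_lfanew pointer
    must land on a 'PE\\0\\0' signature inside the file."""
    start = 0
    while True:
        idx = data.find(b"MZ", start)
        if idx == -1:
            return None
        if idx + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, idx + 0x3C)[0]
            pe_off = idx + e_lfanew
            if pe_off + 4 <= len(data) and data[pe_off:pe_off + 4] == b"PE\x00\x00":
                return idx
        start = idx + 1


def classify(data: bytes) -> dict:
    """Combine both checks into a verdict: not_bmp, clean or suspicious."""
    result = {
        "bmp_magic": data[:2] == b"BM",
        "header_consistent": bmp_header_is_consistent(data),
        "embedded_pe_offset": find_embedded_pe(data),
    }
    if not result["bmp_magic"]:
        result["verdict"] = "not_bmp"
    elif result["embedded_pe_offset"] is not None or not result["header_consistent"]:
        result["verdict"] = "suspicious"
    else:
        result["verdict"] = "clean"
    return result


# Constructed samples: a genuine 2x2 blue bitmap, the same bitmap with a PE image
# appended, and a variant whose size field was patched to hide the mismatch.
BENIGN_BMP = make_bmp(2, 2, (255, 0, 0))
FAKE_BMP = BENIGN_BMP + make_pe_stub()
PATCHED_FAKE_BMP = patch_declared_size(FAKE_BMP)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_BMP), ("fake", FAKE_BMP),
                         ("patched fake", PATCHED_FAKE_BMP)):
        print(name, classify(sample))
```

The patched variant is the reason both checks are kept: once the size field is fixed up the header looks consistent, but the PE signature scan still flags it. Conversely, an encrypted payload defeats the signature scan but usually still leaves the declared size and the real length in disagreement.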
Hackers Can Grab Windows User’s Data
A successful installation of Winos4.0 by these threat actors will, FortiGuard explained in some technical detail, enable them to check for crypto wallet extensions to gather related information, check if Chrome anti-virus extensions are present, send encoded system information back to the hacker control server, capture screenshots and manage documents. “Upon receiving directives from the C2 server,” FortiGuard said, “plugins facilitate uploading documents from the compromised system, enabling the attacker to gather sensitive information and discreetly monitor activities.”
Because the campaign involves multiple encrypted data chains requiring back-and-forth communication with the control server, FortiGuard researchers said that Windows gamers “should be aware of any new application’s source and only download the software from qualified sources.”