New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers
Jun 19, 2024
Malware / Cyber Attack
Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0. "The campaign also promotes compromised MSI files embedded with nudifiers and deepfake pornography-generating software, as well as AI voice and facial technologies," Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Ahmed Mohamed Ibrahim said in a technical report published today. "The campaign uses [Search Engine Optimization] poisoning tactics and social media and messaging platforms to distribute malware." The security vendor, which discovered the new threat actor group in early April 2024, said the attacks entail advertising popular software such as Google Chrome, LetsVPN, QuickVPN, and a Telegram language pack for the Simplified Chinese language to distribute Winos. Alternate attack...