A newly identified malware framework called "Winos4.0" targets Windows users through game-related applications. It is a sophisticated variant of Gh0stRat, capable of executing remote actions and granting attackers control over compromised systems. Winos4.0 is distributed via seemingly harmless applications, which download a BMP file from which the Winos4.0 DLL is extracted and run. The malware establishes persistence by creating registry keys or scheduled tasks. Its capabilities include clipboard monitoring, system information gathering, and detection of antivirus software and other security applications. Winos4.0 appears to target educational institutions, judging by its file description "Campus Administration." It maintains communication with command-and-control (C2) servers to download encrypted modules and receive commands for actions such as document management and screen capture. Fortinet compares Winos4.0 to frameworks like Cobalt Strike and Sliver, noting its encrypted data exchanges and C2 communication. Users are advised to download applications only from reputable sources.
Cybersecurity researchers at Fortinet’s FortiGuard Labs have identified a malware campaign named Winos4.0 that disguises itself as benign gaming applications targeting Microsoft Windows users. This malware framework is similar to threats like Cobalt Strike and Sliver. Users who download these applications inadvertently install Trojan horses that deploy the Winos4.0 framework, which has been found in various gaming-related tools. The malware appears to focus on the education sector, as indicated by its file description “校园政务” (Campus Administration).
Winos4.0 is a re-engineered version of the Gh0stRat remote access trojan and consists of modular components for specific tasks. The attack begins with the retrieval of a BMP file from a remote server, from which a DLL file named "you.dll" is extracted. This file downloads additional files, including the main malicious component "libcef.dll," which injects shellcode to establish a connection with a command-and-control (C2) server. The malware then carries out tasks such as collecting system information and maintaining the connection to the C2 server.
To protect against such threats, users are advised to download applications only from reputable sources, avoid third-party app stores, and scan new files before execution. Regular device scans are recommended, especially after downloading new content.
Hackers are targeting Windows users with the Winos4.0 framework, which is distributed through seemingly harmless game-related applications. This toolkit has capabilities similar to well-known post-exploitation frameworks like Sliver and Cobalt Strike. Initially, a threat actor named Void Arachne attracted victims with modified software like VPNs and Google Chrome for the Chinese market, but recent tactics involve using games and game-related files.
The infection process begins when a legitimate installer is executed, downloading a DLL file from “ad59t82g[.]com.” This triggers a multi-step infection process involving the download of a DLL named you.dll, which fetches additional files and modifies the Windows Registry for persistence. The second phase involves injected shellcode that loads APIs and connects to a command-and-control (C2) server, while the third phase retrieves encoded data from the C2 server.
The final stage includes loading a login module that performs various malicious actions, such as collecting system information, checking for anti-virus software, gathering data on cryptocurrency wallet extensions, maintaining a backdoor connection to the C2 server, and exfiltrating sensitive information through methods like taking screenshots and stealing documents.
Winos4.0 can identify various security tools, including Kaspersky, Avast, and Malwarebytes, allowing it to adjust its behavior based on the environment. Fortinet describes Winos4.0 as a powerful tool for controlling compromised systems, with reports from Fortinet and Trend Micro providing indicators of compromise (IoCs) related to this threat.
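The infection chain summarised above (a download from ad59t82g[.]com, the you.dll and libcef.dll stages, and persistence through Run keys or scheduled tasks) can be expressed as a small set of endpoint detection rules. The script below is an added illustration for defenders, not code from Fortinet, Trend Micro or any other vendor. The only indicators it uses are the domain and file names quoted on this page; the JSON-lines event format, the field names and the sample telemetry are constructed assumptions for the example, and a real deployment would feed it Sysmon or EDR events and the hashes from the vendors' IoC lists.

```python
"""
Illustrative detection logic for the Winos4.0 behaviours described above.
Not vendor code. Event shape, field names and SAMPLE telemetry are
assumptions constructed for this example; the domain and DLL names come
from the write-ups on this page.
"""
import json
import re
from typing import Dict, List, Tuple

# Indicators quoted on the page. The defanged "[.]" is normalised so the
# entry matches the form a DNS log would actually contain.
IOC_DOMAINS = {"ad59t82g[.]com".replace("[.]", ".")}
IOC_FILENAMES = {"you.dll", "libcef.dll"}

# Registry paths used for user- or machine-level autostart persistence.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)


def _basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: Dict) -> List[str]:
    """Return the names of every rule a single event triggers."""
    hits: List[str] = []
    kind = event.get("type")
    if kind == "dns" and event.get("query", "").lower() in IOC_DOMAINS:
        hits.append("ioc_domain")
    if kind == "image_load" and _basename(event.get("image", "")) in IOC_FILENAMES:
        hits.append("ioc_stage_dll")
    if kind == "registry_set" and RUN_KEY_RE.search(event.get("key", "")):
        hits.append("run_key_persistence")
    if kind == "process_create":
        cmd = event.get("cmdline", "").lower()
        if _basename(event.get("image", "")) == "schtasks.exe" and "/create" in cmd:
            hits.append("scheduled_task_persistence")
    return hits


def scan(lines) -> List[Tuple[str, int, str]]:
    """Parse JSON-lines telemetry and return (host, pid, rule) hits in order."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip it rather than stop the pipeline
        for rule in evaluate(ev):
            findings.append((ev.get("host"), ev.get("pid"), rule))
    return findings


def correlate(findings, threshold: int = 2) -> Dict[Tuple[str, int], List[str]]:
    """Group hits by (host, pid); keep processes that trip >= threshold distinct rules.

    Run-key writes and schtasks /create are also done by legitimate installers,
    so a single hit is a lead; several on one process is the thing to triage first.
    """
    by_proc: Dict[Tuple[str, int], set] = {}
    for host, pid, rule in findings:
        by_proc.setdefault((host, pid), set()).add(rule)
    return {k: sorted(v) for k, v in by_proc.items() if len(v) >= threshold}


# Constructed sample telemetry (hosts, pids and paths are invented; not real logs).
SAMPLE = """
{"type":"dns","host":"lab-pc1","pid":4120,"image":"C:\\\\Users\\\\u\\\\Downloads\\\\game_setup.exe","query":"ad59t82g.com"}
{"type":"image_load","host":"lab-pc1","pid":4120,"image":"C:\\\\Users\\\\u\\\\AppData\\\\Local\\\\Temp\\\\you.dll"}
{"type":"registry_set","host":"lab-pc1","pid":4120,"key":"HKCU\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\Updater","value":"C:\\\\Users\\\\u\\\\AppData\\\\Local\\\\Temp\\\\libcef.dll"}
{"type":"process_create","host":"lab-pc1","pid":4388,"image":"C:\\\\Windows\\\\System32\\\\schtasks.exe","cmdline":"schtasks.exe /create /sc onlogon /tn Updater /tr C:\\\\Users\\\\u\\\\AppData\\\\Local\\\\Temp\\\\run.exe"}
{"type":"dns","host":"lab-pc2","pid":900,"image":"C:\\\\Program Files\\\\Browser\\\\browser.exe","query":"example.org"}
not json at all
"""


def scan_sample() -> List[Tuple[str, int, str]]:
    """Run the rules over the constructed sample."""
    return scan(SAMPLE.splitlines())


if __name__ == "__main__":
    hits = scan_sample()
    for host, pid, rule in hits:
        print(f"{host} pid={pid} -> {rule}")
    print("prioritise:", correlate(hits))
```

Run against the sample, the four true-positive events each trigger one rule, the benign DNS lookup and the malformed line trigger nothing, and `correlate` singles out the one process on lab-pc1 that both contacted the staging domain and wrote a Run key, which is the combination worth an analyst's time.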
Workers at the French video game developer Don't Nod are set to strike on Friday, November 8th, at 2 PM, organized by the STJV union. The strike is in response to a restructuring plan that puts 69 employees at risk of redundancy. Employees are demanding the withdrawal of the redundancy plan, greater representation in decision-making, and the presence of CEO Oskar Guilbert during negotiations. They expressed their frustrations in a letter to leadership, stating that failures are due to negligent acts and bad decisions from management.
Call of Duty: Black Ops 6 was launched on October 25th and has become the most successful entry in the franchise's history, leading to an increase in Game Pass subscribers. The Steam Top Ten for the week ending November 5th includes:
1. Call of Duty: Black Ops 6, Activision
2. Counter-Strike 2, Valve
3. Dragon Age: The Veilguard, EA
4. Throne and Liberty, Amazon
5. Monster Hunter Wilds, Capcom (P)
6. Steam Deck, Valve
7. War Thunder, Gaijin Entertainment
8. Naraka: Bladepoint, NetEase
9. Cyberpunk 2077, CD Projekt
10. Red Dead Redemption, Rockstar
Dragon Age: The Veilguard peaked at over 89,000 concurrent users since its release. Naraka: Bladepoint surged 29 spots due to a new hero, Cyra. Cyberpunk 2077 returned to the Top Ten after a 50 percent price reduction. The PC version of Red Dead Redemption debuted at tenth place.
DecartAI has launched a world model called Oasis, resembling Minecraft, but it runs at a low resolution (360p) and framerate (20 fps), similar to Nintendo 64 games. The gameplay includes numerous AI hallucinations that make interactions difficult; digging, for example, simply returns the player to the surface. The experience lacks permanence and coherence, raising doubts about its appeal as a survival-building RPG. Despite advancements in AI for games like Counter-Strike: GO and Doom, traditional game engines on robust hardware are deemed more viable for enjoyable gaming experiences. AI-generated content relies on existing material for training, limiting originality, with the closest example being a derivative version of Angry Birds that fails to match the original's quality.
Matt Filer, a modder, has spent nearly a decade creating modifications for the horror game Alien: Isolation, which critics noted could have benefited from a shorter playtime than its typical 20 hours. Filer expressed that the game should have concluded around the 10-12 hour mark. He released a new mod called Impossible Campaign, which allows players to finish the game in under a minute by altering the narrative. This mod introduces xenomorphs to LV426, preventing key events from occurring. Filer developed the OpenCAGE toolkit for extensive game editing and has experimented with various modifications. Alien: Isolation is currently available on Steam.
Ubisoft has launched its first player-versus-player blockchain RPG, Champions Tactics: Grimoria Chronicles, featuring characters that can be purchased as NFTs using in-game currency or cryptocurrency. The most expensive character, Inquisitor Swift Zealot, is priced at ,372.19, while another character, Glowing Beast, costs ,100, with the majority priced at ,000 or less. Despite a 95% decline in the NFT market last year, Ubisoft is promoting this game as part of its NFT initiative announced in July. The game is part of a growing trend of blockchain and web3 games that include NFTs. Traditional free-to-play games attract larger audiences compared to blockchain titles, which may appeal mainly to NFT enthusiasts.
Call of Duty: Black Ops 6 has become the highest-grossing title on Steam for the week ending October 29th, surpassing Counter-Strike 2. Throne and Liberty is in third place, while Factorio is fourth, boosted by its new Space Age expansion, which is fifth. The Steam Deck and PUBG: Battlegrounds are now sixth and seventh, respectively. War Thunder has climbed to eighth place, Liar's Bar is ninth, and EA Sports FC 25 rounds out the Top Ten.