Summary: A new phishing campaign targets companies in Taiwan using malware known as Winos 4.0, disguised as communications from the National Taxation Bureau. This campaign utilizes malicious attachments that impersonate official documents to deploy malware capable of various data-gathering activities. The evolving malware has links to other variants such as ValleyRAT, with specific targeting of Chinese and Vietnamese speakers indicated.
Affected: Companies in Taiwan, specifically targeting individuals within tax-related processes
Keypoints :
- The malware is distributed via phishing emails suggesting tax inspection, with a malicious ZIP file attachment.
- Winos 4.0 allows for extensive surveillance, including keylogging, screen capturing, and clipboard altering.
- The CleverSoar installer checks user language settings to specifically target victims in Chinese or Vietnamese regions.
- Associated with Silver Fox APT, the campaign also involves using compromised software to deliver additional malware like keyloggers and cryptocurrency miners.
Source: https://thehackernews.com/2025/02/silver-fox-apt-uses-winos-40-malware-in.html