Hackers use fake VPN and browser NSIS installers to deliver Winos 4.0 malware

By Ravie Lakshmanan

Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 framework.

The campaign, first detected by Rapid7 in February 2025, involves the use of a multi-stage, memory-resident loader called Catena.

“Catena uses embedded shellcode and configuration switching logic to stage payloads like Winos 4.0 entirely in memory, evading traditional antivirus tools,” security researchers Anna Širokova and Ivan Feigl said. “Once installed, it quietly connects to attacker-controlled servers – mostly hosted in Hong Kong – to receive follow-up instructions or additional malware.”

Read more at The Hacker News
