The new Void Arachne threat operation has used malicious MSI installers containing artificial intelligence tools, VPN clients, and Chinese language packs to target Chinese-speaking users with the Winos 4.0 backdoor, reports The Cyber Express.
Void Arachne has leveraged numerous techniques, including search engine optimization poisoning, VPN targeting, deepfake pornography, face and voice swapping apps, and Telegram channels, to spread the installers, which, when executed, decrypt malware configurations to install the Winos 4.0 payload, a Trend Micro report revealed.
Aside from enabling distributed denial-of-service attacks, keylogging, remote access, and webcam and microphone takeovers, Winos 4.0 allows file searches, process injection, registry checks, and other reconnaissance efforts, according to researchers, who noted that the backdoor also receives additional plugins and modules upon connecting with a command-and-control server.
Such a campaign has prompted worries about the misuse of AI after attackers touted AI technologies for virtual kidnapping.