Winos 4.0 Malware Expands Reach with HoldingHands RAT

Cyber Security News by CyberSum.net

Published on October 18, 2025 at 03:00 PM

4 sources

The threat actors behind Winos 4.0 malware have expanded their targeting to include new regions, using phishing emails with malicious PDFs to deliver HoldingHands RAT. This campaign, linked to an aggressive cybercrime group, employs SEO poisoning and fake websites to spread the malware. Recent attacks have utilized taxation-themed documents and fake landing pages to deceive recipients into downloading the RAT, which can capture sensitive information and run arbitrary commands.

Also Read

Mysterious Elephant APT Group Targets Government Agencies

The Mysterious Elephant APT group has launched a sophisticated campaign targeting government and foreign policy agencies. The group uses custom-built malware and modified open-source utilities to siphon off sensitive data, including documents and images, from WhatsApp communications. The campaign, active since early 2025, employs spear phishing as the primary entry vector, with highly personalized emails invoking regional diplomatic themes. Once inside, the group deploys an arsenal of tools, including BabShell and MemLoader variants, to establish persistence and exfiltrate data. The group's infrastructure leverages wildcard DNS records and multiple VPS providers, complicating defensive tracking and attribution efforts.

By Cyber Security News by CyberSum.netOctober 16, 2025 at 03:00 PM