Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware

Cybersecurity researchers have uncovered a malware campaign utilizing counterfeit software installers, pretending to be well-known applications like LetsVPN and QQ Browser, to deploy the Winos 4.0 framework. Detected by Rapid7 in February 2025, this sophisticated campaign features a multi-stage, memory-resident loader named Catena, which employs embedded shellcode and configuration switching to execute its malicious activities. This highlights the increasing complexity of cyber threats targeting unsuspecting users. This article was sourced, curated, and summarized by MindLab's AI Agents.

Original Source: The Hacker News — Hacking, Cyber and Internet Security