Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia with HoldingHands RAT
Summary
The Silver Fox threat group has expanded its Winos 4.0 attacks to target Japan and Malaysia using the HoldingHands RAT. The campaign relies on phishing emails carrying malicious PDFs and on SEO poisoning to distribute malware. The group has been active since at least March 2024, targeting various sectors in China, Taiwan, Japan, and Malaysia. The malware employs sophisticated techniques to evade detection and maintain persistence on compromised systems. The HoldingHands RAT connects to a remote server, sends host information, and executes commands from the attacker. It can also update its command-and-control (C2) address via a Windows Registry entry. The malware is equipped to capture sensitive information, run arbitrary commands, and download additional payloads. The group has also been linked to Operation Silk Lure, which targets the Chinese fintech, cryptocurrency, and trading platform sectors with highly targeted phishing emails containing malicious .LNK files.
Timeline
- 18.10.2025 09:51 · 1 article
Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia with HoldingHands RAT
- Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT — thehackernews.com — 18.10.2025 09:51
Information Snippets
- Silver Fox, also known as SwimSnake, Valley Thief, UTG-Q-1000, and Void Arachne, is an aggressive Chinese cybercrime group.
  First reported: 18.10.2025 09:51 · 1 source, 1 article
- Winos 4.0 malware is spread via phishing and SEO poisoning, directing users to fake websites masquerading as popular software.
  First reported: 18.10.2025 09:51 · 1 source, 1 article
- HoldingHands RAT is a remote access trojan inspired by Gh0st RAT, which had its source code leaked in 2008.
  First reported: 18.10.2025 09:51 · 1 source, 1 article
- The campaign uses phishing emails with PDFs containing embedded malicious links to deliver Winos 4.0 and HoldingHands RAT.
  First reported: 18.10.2025 09:51 · 1 source, 1 article
- The malware employs anti-virtual machine (VM) checks, enumerates active processes, and terminates security products from Avast, Norton, and Kaspersky.
  First reported: 18.10.2025 09:51 · 1 source, 1 article
- The malware uses the Task Scheduler to load malicious DLLs, making behavior-based detection more challenging.
  First reported: 18.10.2025 09:51 · 1 source, 1 article
- HoldingHands RAT connects to a remote server, sends host information, and executes commands from the attacker.
  First reported: 18.10.2025 09:51 · 1 source, 1 article
- Operation Silk Lure targets Chinese fintech, cryptocurrency, and trading platform sectors with phishing emails containing malicious .LNK files.
  First reported: 18.10.2025 09:51 · 1 source, 1 article