Winos 4.0 and HoldingHands RAT malware activity expanding targeting to Japan and Malaysia
Malware Activity
Summary
The Winos 4.0 malware operation has expanded its target footprint to Japan and Malaysia through HoldingHands RAT, increasing the reach of a multi-stage phishing delivery chain. The malware can connect to remote servers, receive attacker-issued commands, and capture sensitive information, making the infections more dangerous. The activity continues to rely on phishing PDFs, malicious links, and fake landing pages to seed compromise. The broadened targeting raises the risk of follow-on theft and additional payload delivery.
Related Happenings
Fake AI study guide AsyncRAT lure campaign targeting Windows users
Campaign
H score: 33
First: 11.06.2026 17:00
Last: 11.06.2026 17:00
Sources: 1
About this happening:
A **malware-luring campaign** now uses fake **AI study guides** and **developer resources** to target **Windows users** at organizations, increasing the risk of stealthy **AsyncRA...
SPECTRALVIPER DLL sideloading backdoor activity
Malware Activity
H score: 31
First: 11.06.2026 12:45
Last: 11.06.2026 12:45
Sources: 1
About this happening:
The **SPECTRALVIPER** backdoor was executed on affected **Windows** hosts through a **DLL sideloading** chain during **October 2025 to March 2026**, giving operators a way to run...
C0XMO Gafgyt botnet activity on DD-WRT routers
Malware Activity
H score: 19
First: 07.06.2026 17:17
Last: 07.06.2026 17:17
Sources: 1
About this happening:
The **C0XMO** botnet is spreading through **DD-WRT router firmware** and other internet-facing devices, increasing the pool of systems available for **DDoS** attacks. It exploits...
Open-source tool impersonation and TDS malware delivery campaign
Campaign
H score: 39
First: 04.06.2026 12:51
Last: 04.06.2026 12:51
Sources: 1
About this happening:
A **large-scale campaign** is impersonating **open-source and freeware project sites** to route download clicks through a **Traffic Distribution System (TDS)** and deliver malware...
Atlas RAT and related loaders deployed for remote access and credential theft
Malware Activity
H score: 33
First: 04.06.2026 00:45
Last: 04.06.2026 00:45
Sources: 1
About this happening:
**TA4922**, a **China-linked** and likely **financially motivated** malware activity, has expanded beyond **East Asia** into **Europe** and **Africa**. The group uses **Atlas RAT*...
Timeline
- 18.10.2025 09:51 · 2 articles · 8mo ago
Winos 4.0 and HoldingHands RAT malware activity expanding targeting to Japan and Malaysia
Initial Disclosure: The initial phase used **phishing emails** carrying **PDFs** and embedded malicious links that impersonated official documents, then led victims into a staged download chain for **Winos 4.0** and **HoldingHands RAT**.
- Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT — thehackernews.com — 18.10.2025 09:51