Winos 4.0 and HoldingHands RAT malware activity expanding targeting to Japan and Malaysia
Malware Activity
Summary
The Winos 4.0 malware operation has expanded its target footprint to Japan and Malaysia through HoldingHands RAT, increasing the reach of a multi-stage phishing delivery chain. The malware can connect to remote servers, receive attacker-issued commands, and capture sensitive information, making the infections more dangerous. The activity continues to rely on phishing PDFs, malicious links, and fake landing pages to seed compromise. The broadened targeting raises the risk of follow-on theft and additional payload delivery.
Related Happenings
RemotePE memory-only RAT activity by Lazarus Group targeting financial and cryptocurrency organizations
Malware Activity
First: 25.05.2026 12:32
Last: 25.05.2026 12:32
Sources 1
About this happening:
The **RemotePE** malware has been tied to **Lazarus Group** activity against **financial and cryptocurrency organizations**, raising the risk of stealthy long-term access and late...
RondoDox botnet expands mining and DDoS capabilities
Malware Activity
First: 16.04.2026 20:52
Last: 16.04.2026 20:52
Sources 1
About this happening:
**RondoDox botnet** now combines **cryptocurrency mining with XMRig** and **DDoS attacks**, expanding both monetization and disruption risk across exposed systems. It reaches targ...
JanelaRAT malware activity targeting Latin American banks
Malware Activity
First: 13.04.2026 20:15
Last: 13.04.2026 20:15
Sources 1
About this happening:
**JanelaRAT** continues targeting **Latin American banks and financial institutions**, with telemetry showing **14,739 attacks in Brazil** in **2025** and **11,695 in Mexico**, ra...
Silver Fox South Asia phishing campaign
Campaign
First: 24.03.2026 18:00
Last: 24.03.2026 18:00
Sources 1
How related:
Silver Fox's targeting of Taiwan and Japan with HoldingHands RAT was also documented by the cybersecurity company and a security researcher named somedieyoungZZ back in June, with the attackers employing phishing emails containing booby-trapped PDF documents to activate a multi-stage infection that ultimately deploys the trojan.
About this happening:
The **Silver Fox** campaign now includes **BYOVD** abuse of a previously unknown **WatchDog Anti-malware** driver, **amsdk.sys (version 1.0.600)**, to disable security tools on co...
ClickFix DNS-based nslookup staging campaign
Campaign
First: 15.02.2026 16:10
Last: 15.02.2026 16:10
Sources 1
About this happening:
The **ClickFix** campaign has added **DNS-based staging** that uses **nslookup** in the **Windows Run dialog** to fetch and run a second-stage payload, making malicious execution...
Timeline
18.10.2025 09:51 2 articles · 7mo ago
Winos 4.0 and HoldingHands RAT malware activity expanding targeting to Japan and Malaysia
Initial Disclosure
The initial phase used **phishing emails** carrying **PDFs** and embedded malicious links that impersonated official documents, then led victims into a staged download chain for **Winos 4.0** and **HoldingHands RAT**.
Sources:
- Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT — thehackernews.com — 18.10.2025 09:51