Void Arachne Uses Deepfakes and AI to Deliver Malicious VPNs to Chinese Users

June 19, 2024 at 07:00AM

Cybersecurity firm Trend Micro discovered a new threat group targeting Chinese-speaking users with a campaign dubbed Void Arachne. The attack uses malicious Windows Installer files for VPNs to distribute the Winos 4.0 command-and-control framework. The campaign spreads through social media and messaging platforms and promotes compromised files bundled with deepfake and AI software. The intricate backdoor implant, Winos 4.0, offers various malicious capabilities and is designed to evade the Great Firewall of China.

The main takeaways are:

1. A new threat activity cluster codenamed Void Arachne is targeting Chinese-speaking users, using malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0.
2. The campaign also involves compromised MSI files bundled with nudifiers, deepfake pornography-generating software, and AI voice and facial technologies, and it relies on search engine optimization (SEO) poisoning as well as social media and messaging platforms to distribute the malware.
3. The attacks entail advertising popular software such as Google Chrome, LetsVPN, QuickVPN, and a Telegram language pack for the Simplified Chinese language to distribute Winos. Alternate attack chains leverage backdoored installers propagated on Chinese-language-themed Telegram channels.
4. The use of a malicious Chinese language pack presents a significant attack surface and is part of various software purported to offer non-consensual deepfake pornographic video generation, AI technologies, voice alteration, and face swapping.
5. The implant Winos 4.0, written in C++, is equipped with various capabilities including file management, distributed denial of service (DDoS), disk search, webcam control, screenshot capture, keylogging, and remote shell access.
6. The Great Firewall of China and strict government control over internet connectivity have notably increased public interest in VPN services, which in turn has made that demand more attractive for threat actors to exploit.
