Winos 4.0/ValleyRAT Malware Targets Japan, Malaysia via Phishing Attacks

A new malware family known as Winos 4.0 (aka ValleyRAT) has expanded its targeting footprint to Japan and Malaysia, in addition to China and Taiwan. The attackers are using phishing emails with PDFs containing malicious links to spread the malware.

The malware is inspired by another remote access trojan, Gh0st RAT, whose source code was leaked in 2008 and has since been widely adopted by various Chinese hacking groups.

To execute the malware, victims are prompted to download a ZIP archive that delivers the HoldingHands RAT (aka Gh0stBins) payload. The malware connects to a remote server, sends host information, and receives commands from the attackers.

Fortinet researcher Rachael Pei pointed out that the primary motivation appears to be regional intelligence collection, with the malware lying dormant as it awaits further commands.

Source: https://thehackernews.com/2025/10/silver-fox-expands-winos-40-attacks-to.html