New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers

19-June-24

Trend Micro researchers have uncovered a new threat campaign, named Void Arachne, that targets Chinese-speaking users with malicious Windows Installer (MSI) files disguised as popular software such as Google Chrome and the LetVPN client. The campaign uses Search Engine Optimization (SEO) poisoning, social media, and messaging platforms to distribute malware, including Winos 4.0, a sophisticated command-and-control framework. The attackers also promote compromised MSI files bundled with deepfake pornography and AI voice and facial technologies. Once run, these installers modify firewall rules, execute second-stage payloads, and use a plugin-based system to carry out malicious activities such as DDoS attacks, webcam control, keylogging, and remote shell access. The campaign exploits public interest in VPNs amid China's strict internet regulations, highlighting an increased risk for Chinese users exposed to these deceptive tactics.
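The behaviours called out above (an installer that rewrites firewall rules and then launches a second-stage payload) are the kind of parent-child process relationship an endpoint detection rule can flag. The following is an added example written for this summary, not code from Trend Micro or from the Void Arachne report: it applies a small rule set to process-creation records whose field names follow Sysmon Event ID 1 conventions (ParentImage, Image, CommandLine). The sample events, file paths and rule names are constructed for illustration.

```python
"""Flag process-creation events where an MSI installer (msiexec.exe) spawns a
firewall-modifying command or a script-based stager.

Example detection logic, not Trend Micro's. Event records are constructed
for this demonstration; they are not real telemetry from the campaign.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    parent_image: str   # ParentImage in Sysmon Event ID 1
    image: str          # Image
    command_line: str   # CommandLine


# Parent processes that should not normally spawn firewall or stager commands
INSTALLER_PARENTS = {"msiexec.exe"}

# netsh / PowerShell invocations that add or alter Windows Firewall rules
FIREWALL_NETSH_RE = re.compile(r"advfirewall\s+firewall\s+(add|set)\s+rule", re.I)
FIREWALL_PS_RE = re.compile(r"(New|Set)-NetFirewallRule", re.I)

# Script hosts launched with encoded commands or download cradles
STAGER_RE = re.compile(
    r"(powershell|cmd)\.exe.*(-enc\b|downloadstring|invoke-webrequest|curl\s)", re.I
)


def _basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(ev: ProcEvent):
    """Return a detection tag for the event, or None if nothing matched."""
    if _basename(ev.parent_image) not in INSTALLER_PARENTS:
        return None
    cl = ev.command_line
    if FIREWALL_NETSH_RE.search(cl) or FIREWALL_PS_RE.search(cl):
        return "installer_modifies_firewall"
    if STAGER_RE.search(cl):
        return "installer_launches_stager"
    return None


def scan(events):
    """Return (index, tag) pairs for every event that triggers a rule."""
    hits = []
    for i, ev in enumerate(events):
        tag = classify(ev)
        if tag:
            hits.append((i, tag))
    return hits


# Constructed sample events (hypothetical paths and rule names)
SAMPLE_EVENTS = [
    # Ordinary installer child: benign, should not fire
    ProcEvent(r"C:\Windows\System32\msiexec.exe",
              r"C:\Program Files\Example VPN\vpn.exe",
              r'"C:\Program Files\Example VPN\vpn.exe" /firstrun'),
    # Installer adds an inbound allow rule for a dropped binary
    ProcEvent(r"C:\Windows\System32\msiexec.exe",
              r"C:\Windows\System32\netsh.exe",
              r'netsh advfirewall firewall add rule name="Updater" dir=in '
              r'action=allow program="C:\ProgramData\updater.exe"'),
    # Installer launches PowerShell with an encoded command
    ProcEvent(r"C:\Windows\System32\msiexec.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -NoP -W Hidden -enc QQBBAEEAQQA="),
    # Same netsh command from an interactive shell: out of scope for this rule
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\netsh.exe",
              r'netsh advfirewall firewall add rule name="Game" dir=in action=allow'),
]

if __name__ == "__main__":
    for idx, tag in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {tag} <- {SAMPLE_EVENTS[idx].command_line}")
```

The rule keys on the parent process rather than on any file hash, so it survives repacking of the installer; in production it would be tuned with an allow-list of installers that legitimately register firewall exceptions.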
