{"id":207508,"date":"2025-03-01T04:14:06","date_gmt":"2025-03-01T10:14:06","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/03\/silver-fox-apt-uses-winos-4-0-malware-in-cyber-attacks-against-taiwanese-organizations"},"modified":"2025-03-01T04:14:06","modified_gmt":"2025-03-01T10:14:06","slug":"silver-fox-apt-uses-winos-4-0-malware-in-cyber-attacks-against-taiwanese-organizations","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/03\/silver-fox-apt-uses-winos-4-0-malware-in-cyber-attacks-against-taiwanese-organizations","title":{"rendered":"Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/silver-fox-apt-uses-winos-4-0-malware-in-cyber-attacks-against-taiwanese-organizations.jpg\"><\/a><\/p>\n<p>It\u2019s worth noting that the <a href=\"https:\/\/hunt.io\/blog\/unearthing-new-infrastructure-by-revisiting-past-threat-reports\" rel=\"noopener\" target=\"_blank\">intrusion set<\/a> distributing the Winos 4.0 malware has been assigned the monikers Void Arachne and Silver Fox, with the malware also overlapping with <a href=\"https:\/\/thehackernews.com\/2024\/08\/multi-stage-valleyrat-targets-chinese.html\" rel=\"noopener\" target=\"_blank\">another remote access trojan<\/a> tracked as <a href=\"https:\/\/thehackernews.com\/2025\/02\/fake-google-chrome-sites-distribute.html\" rel=\"noopener\" target=\"_blank\">ValleyRAT<\/a>.<\/p>\n<p>\u201cThey are both derived from the same source: Gh0st RAT, which was developed in China and open-sourced in 2008,\u201d Daniel dos Santos, Head of Security Research at Forescout\u2019s Vedere Labs, told The Hacker News.<\/p>\n<p>\u201cWinos and ValleyRAT are variations of Gh0st RAT attributed to Silver Fox by different researchers at different points in time. Winos was a name commonly used in 2023 and 2024 while now ValleyRAT is more commonly used. The tool is constantly evolving, and it has both local Trojan\/RAT capabilities as well as a command-and-control server.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It\u2019s worth noting that the intrusion set distributing the Winos 4.0 malware has been assigned the monikers Void Arachne and Silver Fox, with the malware also overlapping with another remote access trojan tracked as ValleyRAT. \u201cThey are both derived from the same source: Gh0st RAT, which was developed in China and open-sourced in 2008,\u201d Daniel [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-207508","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/207508","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=207508"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/207508\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=207508"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=207508"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=207508"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}