Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware

Hackers are using fake software installers for popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 malware. The malware, known as Catena, uses a multi-stage, memory-resident loader to evade detection and connect to attacker-controlled servers. The attacks, targeting Chinese-speaking environments, are attributed to a threat cluster known as Void Arachne or Silver Fox.