Names | Void Arachne (Trend Micro) | |
Country | China | |
Motivation | Information theft and espionage | |
First seen | 2024 | |
Description | (Trend Micro) In early April, we discovered that a new threat actor group (which we call Void Arachne) was targeting Chinese-speaking users. Void Arachne’s campaign involves the use of malicious MSI files that contain legitimate software installer files for artificial intelligence (AI) software as well as other popular software. The malicious Winos payloads are bundled alongside nudifiers and deepfake pornography-generating AI software, voice-and-face-swapping AI software, zh-CN (Simplified Chinese) language packs, the simplified Chinese version of Google Chrome, and Chinese-marketed virtual private networks (VPNs), such as LetsVPN and QuickVPN. During the process of installation, a Winos backdoor is also installed, which could also lead to full system compromise. | |
Observed | Countries: China. | |
Tools used | Winos. | |
Information | <https://www.trendmicro.com/en_us/research/24/f/behind-the-great-wall-void-arachne-targets-chinese-speaking-user.html> |
Last change to this card: 26 August 2024
Download this actor card in PDF or JSON format
Previous: Viking Spider
Next: Void Balaur
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |