Ayoub Aouragh October 19, 2025 1 min read

Silver Fox targets Japan and Malaysia with Winos 4.0 attacks

Cybersecurity researchers are raising alarms as the Silver Fox group expands its Winos 4.0 malware attacks from China and Taiwan to Japan and Malaysia. This malware, also known as ValleyRAT, is now being delivered through another remote access trojan called HoldingHands RAT. The campaign mainly uses phishing emails that trick users into opening PDFs, which look like official documents from the Ministry of Finance but contain nasty embedded links.

Pei Han Liao from Fortinet's FortiGuard Labs pointed out that these malicious documents include multiple links, one of which leads to the Winos 4.0 malware. This threat has a habit of spreading through phishing and SEO poisoning, luring victims to fake sites that pretend to be legitimate software like Google Chrome and Telegram. If you’re in those regions, keep your guard up and think twice before clicking on suspicious emails.

Share this article

Twitter LinkedIn Email

More insights from the team

Continue exploring adjacent research and threat briefings selected for their relevance to this topic.

View all articles

Nov 07, 2025 • 1 min

U.S. Congressional Budget Office faces suspected cyberattack

The U.S. Congressional Budget Office is in hot water after a suspected foreign cyberattack breached its network. The CBO recently confirmed the incident, raising concerns about the potential exposu...

Researchers uncover vulnerabilities in ChatGPT that expose data

Hey there! If you’re a fan of ChatGPT, you might want to pay attention. Researchers just uncovered a bunch of vulnerabilities in OpenAI's latest models, GPT-4o and GPT-5. These issues could let att...

Gootloader malware resurfaces with new tactics after seven months

Gootloader malware is back in the game after a seven-month hiatus, and it’s got some new tricks up its sleeve. This sneaky malware loader is once again using SEO poisoning to push fake websites tha...