Toggle light / dark theme

Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 framework.

The campaign, first detected by Rapid7 in February 2025, involves the use of a multi-stage, memory-resident loader called Catena.

“Catena uses embedded shellcode and configuration switching logic to stage payloads like Winos 4.0 entirely in memory, evading traditional antivirus tools,” security researchers Anna Širokova and Ivan Feigl said. “Once installed, it quietly connects to attacker-controlled servers – mostly hosted in Hong Kong – to receive follow-up instructions or additional malware.”

The problem? The file was unencrypted. No password protection. No security. Just a plain text file with millions of sensitive pieces of data.

Based on his analysis, Fowler determined the data was captured by some kind of infostealer malware. A popular tool used by cybercriminals, an infostealer is designed to grab usernames, passwords, and other sensitive data from breached sites and servers. Once the criminals get their hands on the data, they can use it to launch their own attacks or peddle the information on the dark web.

After finding the database, Fowler contacted the hosting provider, which removed it from public access. Since the provider would not disclose the name of the file’s owner, Fowler said he didn’t know if the database was created legitimately and then accidentally exposed or intentionally used for malicious reasons.

By Chuck Brooks


Dear Friends and Colleagues, this issue of the Security & Insights newsletter focuses on cybersecurity and the convergence of devices and networks. The convergence of the Internet of Things, industrial control systems (ICS), operational technology (OT), and information technology (IT) has revealed vulnerabilities and expanded attack surfaces. They are prime targets for hackers, who frequently look for unprotected ports and systems on internet-connected industrial devices. Because they provide several avenues of entry for attackers and because older OT systems were not built to withstand cyberattacks, IT/OT/ICS supply chains in continuous integration (CI) are especially vulnerable. Below is a collection of articles that address the challenges and threats of cybersecurity for connected devices and people.

Thanks for reading and stay safe! Chuck Brooks

Growing cyberthreats to the internet of things.

Cybersecurity researchers are calling attention to a new Linux cryptojacking campaign that’s targeting publicly accessible Redis servers.

The malicious activity has been codenamed RedisRaider by Datadog Security Labs.

“RedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems,” security researchers Matt Muir and Frederic Baguelin said.

SK Telecom says that a recently disclosed cybersecurity incident in April, first occurred all the way back in 2022, ultimately exposing the USIM data of 27 million subscribers.

SK Telecom is the largest mobile network operator in South Korea, holding roughly half of the national market.

On April 19, 2025, the company detected malware on its networks and responded by isolating the equipment suspected of being hacked.