
Researchers Uncover Malware Campaign Using Fake Software Installers
Cybersecurity researchers have uncovered a malware campaign that uses fake software installers, disguised as popular tools such as LetsVPN and QQ Browser, to distribute the Winos 4.0 framework. The campaign, first detected by Rapid7 in February 2025, uses a memory-resident, multi-stage loader called Catena, which employs embedded shellcode and configuration switching logic to orchestrate the attack.