Void Arachne - Threat Group Cards: A Threat Actor Encyclopedia

Archived: 2026-04-05 15:14:31 UTC

APT group: Void Arachne

Names: Void Arachne (Trend Micro), Silver Fox (Qihoo 360)
Country: China
Motivation: Information theft and espionage
First seen: 2024

Description: (Trend Micro) In early April, we discovered that a new threat actor group (which we call Void Arachne) was targeting Chinese-speaking users. Void Arachne’s campaign involves the use of malicious MSI files that contain legitimate software installer files for artificial intelligence (AI) software as well as other popular software. The malicious Winos payloads are bundled alongside nudifiers and deepfake pornography-generating AI software, voice-and-face-swapping AI software, zh-CN (Simplified Chinese) language packs, the simplified Chinese version of Google Chrome, and Chinese-marketed virtual private networks (VPNs), such as LetsVPN and QuickVPN. During the process of installation, a Winos backdoor is also installed, which could also lead to full system compromise.

Observed Countries: China, Japan, Taiwan.
Tools used: Gh0stCringe, HoldingHands RAT, Winos.

Operations performed:
Jun 2025: Threat Group Targets Companies in Taiwan

Last change to this card: 16 August 2025

Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=f08fc5ff-f408-48bf-a116-e1e98de278b2