New “Silver Fox” Trojan Targets Chinese Users – How It Spreads and How to Defend
A recent advisory from China’s National Computer Virus Emergency Response Center reveals a new “Silver Fox” Trojan variant distributed via phishing pages and social‑media links, explains its infection process on Windows PCs, and outlines practical prevention steps for enterprises and individual users.
Recently, the National Computer Virus Emergency Response Center and the National Engineering Laboratory for Computer Virus Prevention, using the National Computer Virus Collaborative Analysis Platform, discovered a new variant of the “Silver Fox” Trojan (also known as “You Snake”, “Gu Duo Thief”, etc.) targeting users in China.
Attackers craft phishing webpages themed around finance and tax topics and spread download links for the Trojan through WeChat groups.
When users click the phishing link, the page redirects based on the device type. Mobile users are prompted to use a computer, while PC users download an installer named “金稅四期(电脑版)‑uninstall.msi” or a zip file “金稅五期(电脑版)‑uninstall.zip”, which actually contain the latest “Silver Fox” Trojan variant.
Executing these files lets attackers remotely control the machine, steal data, commit network fraud, and use the host as a foothold for further attacks.
The phishing messages are often sent via WeChat, QQ groups, or email, masquerading as official notices about tax or financial policies and offering a “required program” download.
Criminals name the malicious files with terms related to tax or finance, such as “金稅四期(电脑版)”, to lure finance staff or small‑business owners. They also include keywords like “电脑版” or “PC版” to encourage installation on Windows PCs.
After installation, the Trojan registers a system service named “UserDataSvc_[random alphanumeric]” to achieve persistence and auto‑start on boot.
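The persistence indicator above can be checked against a service inventory. The following is an added example, not code from the advisory: it reads a JSON export of service names and command lines (for instance from `Get-CimInstance Win32_Service | Select-Object Name, PathName | ConvertTo-Json`) and flags services matching the reported name pattern. It assumes, beyond what the advisory states, that Windows' own per-user "User Data Access" service uses the same `UserDataSvc_` prefix and is hosted by `system32\svchost.exe`, so the name alone is not proof of infection; the sample records and paths are constructed.

```python
import json
import re

# Name pattern reported in the advisory: "UserDataSvc_" + random alphanumerics.
NAME_RE = re.compile(r"^UserDataSvc_[0-9A-Za-z]+$")
# Assumption (not from the advisory): the built-in Windows per-user service
# with this prefix is hosted by svchost.exe in system32.
TRUSTED_HOST = r"c:\windows\system32\svchost.exe"

def executable_of(path_name):
    """Return the lower-cased executable path from a service command line."""
    cmd = path_name.strip()
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]            # quoted path, args follow
    else:
        m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
        exe = m.group(1) if m else cmd.split(" ", 1)[0]
    exe = re.sub(r"%systemroot%", lambda _: r"c:\windows", exe,
                 flags=re.IGNORECASE)
    return exe.lower()

def triage(records):
    """List (name, executable, verdict) for services matching the pattern."""
    findings = []
    for rec in records:
        name = rec.get("Name") or ""
        if not NAME_RE.match(name):
            continue
        exe = executable_of(rec.get("PathName") or "")
        # "baseline" only means the host binary matches the Windows default;
        # anything else under this name needs a closer look.
        verdict = "baseline" if exe == TRUSTED_HOST else "investigate"
        findings.append((name, exe, verdict))
    return findings

def triage_json(text):
    return triage(json.loads(text))

# Constructed sample inventory (service suffixes and paths are made up).
SAMPLE_JSON = r'''[
 {"Name": "UserDataSvc_4b2f1",
  "PathName": "C:\\WINDOWS\\system32\\svchost.exe -k UnistackSvcGroup"},
 {"Name": "UserDataSvc_x7Qm2Za9",
  "PathName": "\"C:\\ProgramData\\example\\helper.exe\" --svc"},
 {"Name": "Spooler", "PathName": "C:\\WINDOWS\\System32\\spoolsv.exe"}
]'''

if __name__ == "__main__":
    for name, exe, verdict in triage_json(SAMPLE_JSON):
        print(f"{verdict:12} {name:24} {exe}")
```

Entries marked "investigate" should be followed up by checking the binary's signature, creation time, and the service's install event before any cleanup.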
Prevention measures:
Do not trust notifications allegedly from government or financial institutions sent through WeChat, QQ, or other social media; verify through official channels.
Avoid downloading programs from links or QR codes shared in group chats.
If a device is compromised, inform colleagues, change passwords on a secure device, run antivirus scans, and consider reinstalling the operating system after backing up data.
Submit suspicious files to the National Computer Virus Collaborative Analysis Platform for analysis.
Source: National Computer Virus Emergency Response Center website, CCTV News app.
