New “Silver Fox” Trojan Variant Targets Chinese Users – Spread, Impact, and Prevention
The National Computer Virus Emergency Response Center reports a new “Silver Fox” Trojan variant distributed via phishing links in WeChat groups, disguised as tax‑related installers, which can hijack systems for remote control and fraud, and provides concrete steps for users and enterprises to defend against it.
Recently, the National Computer Virus Emergency Response Center and the National Engineering Laboratory for Computer Virus Prevention, using the National Computer Virus Collaborative Analysis Platform, discovered a new variant of the “Silver Fox” Trojan (also known as “You Snake” or “Gu Duo Da Dao”) targeting users in China.
Attackers craft phishing webpages themed around finance or tax matters and spread download links for the Trojan through WeChat groups. The phishing page redirects based on the visitor’s device; mobile users are prompted to switch to a PC, while PC users receive a download.
When the link is clicked on a PC, a file named “金稅四期(电脑版)-uninstall.msi” or “金稅五期(电脑版)-uninstall.zip” is downloaded. Inside is the latest “Silver Fox” Trojan variant.
Executing the file grants attackers remote control, data theft, network fraud, and turns the infected machine into a jump‑host for further attacks.
The phishing messages often masquerade as official notices from tax or financial authorities, using enticing titles such as “Latest Tax Policy” and attaching the malicious program as a required tool. File names are deliberately chosen to resemble legitimate tax software, e.g., “金稅四期(电脑版)”, and include keywords like “电脑版” or “PC版” to lure users into installing on Windows PCs.
After installation, the Trojan registers a system service named “UserDataSvc_[random alphanumeric]” , ensuring persistence by auto‑starting on boot.
Prevention Measures
Do not trust notifications claiming to be from government or financial institutions posted in WeChat, QQ, or other social media; verify through official channels.
Avoid downloading programs from links or QR codes shared in chat groups, even if they appear official.
If you suspect account theft, inform colleagues and family, change passwords on a trusted device, run antivirus scans, and consider reinstalling the operating system after backing up important data.
Submit suspicious files to the National Computer Virus Collaborative Analysis Platform for analysis.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
MaGe Linux Operations
Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.