
China’s National Computer Virus Emergency Response Center warned on Thursday that a new “Silver Fox” Trojan variant has been identified, specifically targeting Chinese users. The malware spreads through files disguised with labels such as “internal investigation results,” “disciplinary violation list” and “layoff compensation.” Once a computer is infected, it could be remotely controlled, its data stolen, and potentially exploited by cybercriminals in telecom and online fraud schemes, according to the warning.
According to a statement released by the center, the malicious software disguises itself as shortcuts, folders, documents, or compressed files, but is actually a remote-control Trojan targeting Windows users.
The new Trojan variant continues to use phishing and fraud tactics, extensively adopting deceptive human-resources-related file names such as “XX quarter disciplinary violation list,” “personnel notification information,” “layoff list” and “compensation plan,” while disguising the icons as folders, shortcuts or recycle bins, and adding a “pdf” suffix to mislead users, the center warned.
According to the center, the “Silver Fox” series of Trojan malware attacks is closely linked to telecom and online fraud, and has long been targeting Chinese users. The malware is characterized by rapid evolution and a high level of stealth.
The newly identified Trojan campaign targets employees at medium- and large-sized organizations, especially personnel involved in human resources-related work. Its primary objective remains to use Trojan malware to control a large number of victims’ computers, steal sensitive corporate data and citizens’ personal information, and subsequently carry out extortion or fraud.
The center advised users to adopt preventive measures: be cautious of “disciplinary” or “layoff” files shared through instant messaging tools or email, avoid opening files from unknown senders, and verify suspicious documents sent by colleagues, whether from their own or other organizations, with the individuals themselves or through official channels.
The center also advised users to upload suspicious files, executable files, and compressed files to the national computer virus collaborative analysis platform for security checks, keep antivirus real-time protection enabled, and regularly update operating systems and antivirus software.
Once users discover that their messaging or email accounts have been compromised, they should immediately stop using the potentially virus-infected computer device, disconnect it from the network, and inform the organization’s network administrator, relevant colleagues, and friends and family of the situation, the center warned. It also reminded users to back up important data, run a full antivirus and security scan, and replace all passwords with stronger credentials.
Global Times