Chinoxy Backdoor
The Chinoxy Backdoor is a new threat that takes advantage of the panic surrounding the COVID-19 pandemic. The attacks delivering the Chinoxy Backdoor are suspected to be orchestrated by a Chinese threat actor. No specific group has been linked to them yet, but the fact that the malware uses the Royal Road RTF builder is an almost guaranteed sign that Chinese threat actors are involved.
The most recent COVID-themed email campaign spreading the Chinoxy Backdoor targets victims in Kyrgyzstan. The email contains a malicious RTF file created with 'Royal Road' that poses as a legitimate document with information about the financial support that Kyrgyzstan is bound to receive from the United Nations. The RTF file is meant to load a decoy document that keeps the user busy while the Chinoxy Backdoor runs in the background.
The Chinoxy Backdoor is not an advanced piece of malware in terms of functionality: older variants simply allowed the attacker to execute remote commands and to gather data about the infected system's configuration. However, its authors introduced a keylogger module in a recent update, and this certainly turns the Chinoxy Backdoor into a far more serious threat. Thankfully, malware like this can be stopped easily with the help of a regularly updated antivirus service.