近日,国家计算机病毒应急处理中心和计算机病毒防治技术国家工程实验室依托国家计算机病毒协同分析平台,在我国境内发现针对我国用户的“银狐”(又名:“游蛇”“谷堕大盗”等)木马病毒最新变种。
攻击者通过构造财务、税务等主题的钓鱼网页,通过微信群传播该木马病毒的下载链接。用户点击上述钓鱼链接后,钓鱼网页会根据用户终端类型进行跳转,如果用户使用手机终端访问,则会提示用户使用电脑终端进行访问;用户使用电脑终端访问链接后会下载文件名为“金稅四期(电脑版)-uninstall.msi”的安装包文件或“金稅五期(电脑版)-uninstall.zip”的压缩包文件(内含同文件名的可执行程序文件),实际为“银狐”木马病毒家族的最新变种程序。如果用户运行相关程序文件,将被攻击者实施远程控制、窃密、网络诈骗等恶意活动,并充当进一步攻击的“跳板”。
据介绍,钓鱼信息可能通过微信群、QQ群等社交媒体或电子邮件发送,信息通常为犯罪分子伪造的官方通知,主题通常涉及财税或金融管理等公共管理部门发布的最新政策和工作通知等,并附所谓的对接相关工作所需专用程序的下载链接。
犯罪分子通常会将木马病毒程序的文件名设置为与财税、金融管理部门相关工作具有显著关联,且对相关岗位工作人员具有较高辨识度的名称,如“金稅四期(电脑版)”“金稅五期(电脑版)”等,并以此为诱饵欺骗企业中的财务管理人员或个体经营者。由于目前该木马病毒程序的变种大多只针对安装Windows操作系统的传统PC环境,犯罪分子也会在文件名中设置“电脑版”“PC版”等关键词以诱导受害用户在相应环境下安装。
防范措施
国家计算机病毒应急处理中心提示广大企事业单位,特别是从事电商业务的中小微企业以及个体经营者和个人网络用户,临近年末,各类财税和金融业务繁忙,从事相关业务的工作人员务必提高警惕,防范以计算机病毒为作案工具的电信网络诈骗活动。建议广大用户采取以下防范措施:
1、不要轻信微信群、QQ群或其他社交媒体软件中传播的所谓政府主管部门或金融机构发布的通知,应通过官方渠道进行核实。
2、不要从微信群、QQ群或其他社交媒体软件的聊天群组中传播的网络链接(或二维码)下载所谓的官方程序。
3、一旦发现微信、QQ或其他社交媒体软件发生被盗现象,应向亲友和所在单位及同事告知相关情况,并通过相对安全的设备和网络环境修改登录密码,并对自己常用的计算机和移动通信设备进行杀毒和安全检查,如反复出现账号被盗情况,应在备份重要数据的前提下考虑重新安装操作系统和安全软件并更新到最新版本。
4、对安全性未知的可疑文件,可访问国家计算机病毒协同分析平台进行提交检测。
Latest Trojan Variant “Silver Fox” Detected in China: Alert and Prevention Measures
Recently, the National Computer Virus Emergency Response Center and the National Engineering Laboratory for Cybersecurity Emergency Response Technology, utilizing the National Computer Virus Collaborative Analysis Platform, have identified a new variant of the “Silver Fox” Trojan virus (also known as “Snake” and “Guido Thief”) targeting users in China.
Attack Overview
Attackers distribute this Trojan virus through phishing webpages with themes related to finance and taxation. These phishing links are shared via WeChat groups. When users click on the malicious links, the phishing webpage redirects them based on their device type:
- Mobile users are prompted to switch to a computer to access the page.
- Desktop users are prompted to download a file, either named “Gold Tax Phase IV (PC Version) – uninstall.msi” or a compressed package named “Gold Tax Phase V (PC Version) – uninstall.zip” containing an executable file with the same name.
These files are, in fact, the latest variants of the “Silver Fox” Trojan virus family. If executed, the virus enables attackers to conduct malicious activities, such as remote control, data theft, and online fraud, and use the infected systems as “stepping stones” for further attacks.
Method of Distribution
Phishing messages are commonly disseminated via WeChat, QQ groups, social media platforms, or email. Criminals often impersonate official entities to fabricate notifications, typically centered on recent policies or operational updates from public administration bodies such as finance or tax authorities. These messages include download links for supposed specialized software necessary for compliance.
To enhance credibility, attackers name the virus files to closely resemble recognizable terms associated with finance and tax management, such as “Gold Tax Phase IV (PC Version)” or “Gold Tax Phase V (PC Version).” They specifically target financial management personnel within enterprises or individual business operators.
As most variants of this Trojan virus are currently designed for traditional PC environments running Windows operating systems, criminals often include terms like “PC Version” in the file name to lure users into installing the software on appropriate devices.
Preventive Measures
The National Computer Virus Emergency Response Center urges enterprises, particularly small and medium-sized e-commerce companies, individual business operators, and personal internet users, to remain vigilant, especially toward year-end when financial and taxation tasks are at their peak. To guard against telecom network fraud utilizing computer viruses, users are advised to take the following precautions:
- Verify Information Through Official Channels
Do not trust notifications allegedly from government authorities or financial institutions disseminated through WeChat, QQ groups, or other social media. Verify such information through official channels. - Avoid Downloading Programs from Untrusted Links
Do not download programs from links (or QR codes) shared in WeChat, QQ, or other group chats claiming to provide official software. - Respond Quickly to Account Theft
If your WeChat, QQ, or other social media accounts are hacked, immediately inform friends, colleagues, and your workplace about the breach. Use a secure device and network to change your login password, perform antivirus and security checks on your frequently used computers and mobile devices, and consider reinstalling the operating system with the latest security updates if repeated hacking occurs. Backup important data beforehand. - Submit Suspicious Files for Inspection
If you encounter suspicious files, submit them to the National Computer Virus Collaborative Analysis Platform for testing and verification.
By adhering to these preventive measures, users can protect their systems and data from malicious threats and contribute to creating a safer digital environment.
声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。
Statement: Unless otherwise specified or noted, all articles on this site are original publications by our platform. Any individual or organization is prohibited from copying, stealing, collecting, or publishing the content of this site on any website, book, or other media platform without obtaining prior permission from us. If any content on this site infringes upon the legitimate rights of the original author, please contact us for resolution.