Chinoxy Backdoor Description
The Chinoxy Backdoor appears to be a threat developed by malicious Chinese actors. Just like countless other online scams and malware strains, the Chinoxy Backdoor is being distributed via Coronavirus-themed phishing emails. The COVID-19 pandemic has inspired numerous cyber crooks from all around the globe who are using the panic to trick users into installing malware on their systems or falling for various scams.
The Chinoxy Backdoor is using the Royal Road RTF builder, which is a utility used almost exclusively by Chinese hackers. One of the newest campaigns distributing the Chinoxy Backdoor appears to be targeting Kyrgyzstani users. The phishing emails, which are distributing the Chinoxy Backdoor, contain a malicious .RTF file, which is created with the help of the Royal Road utility. This bogus .RTF file is disguised as a harmless document, which contains some important data in regards to financial aid provided by the United Nations that is meant to support Kyrgyzstan during the COVID-19 pandemic. If the user launches the malicious attachment, they will see the decoy document, which is likely to keep them distracted while the Chinoxy Backdoor is being installed on their computer.
The Chinoxy Backdoor is not a very complex piece of malware. Earlier variants of the Chinoxy Backdoor would only allow the operators to collect data regarding the system’s settings as well as run remote commands on the host. However, newer variants of this threat enable the attackers to deploy a keylogging module, which can collect the keystrokes of the user and collect sensitive information such as login credentials and banking details. If you want your system to be protected against threats like the Chinoxy Backdoor, you should consider investing in a genuine, up-to-date anti-malware solution.