Chinese Police Crack Down on Silver Fox Trojan Ring After Multi-Million Financial Scam

June 16, 2026 by Kratika Solanki

Chinese police have dismantled a sophisticated cybercrime network linked to a new variant of the Silver Fox Trojan virus.

The Ministry of Public Security’s cybersecurity bureau said the malware was designed to target high-value data, with attackers focusing on employees inside public institutions and corporate enterprises.

Investigators found that accounting and financial personnel were among the primary targets because of their access to banking credentials, payment systems and sensitive corporate records.

Silver Fox Trojan Targeted Finance Staff

Once installed on a target computer, the Silver Fox Trojan allegedly gave attackers full administrative control of the infected machine.

Security teams found that the malware could intercept SMS verification codes, steal banking passwords, record keyboard inputs and exfiltrate private corporate files to offshore infrastructure.

This made the Trojan especially dangerous for companies handling payments, vendor records, payroll information and internal financial data.

Jilin Police Identify Core Development Hub

A major breakthrough came when public security authorities in Jilin province traced a core development hub linked to the malware operation.

Cyber units identified an organised criminal cell allegedly led by a technical operator surnamed Chen.

Investigators found that Chen’s group was not only modifying the Silver Fox source code but also adding advanced obfuscation layers to evade standard enterprise security tools.

Phishing Emails Used to Enter Corporate Networks

The gang allegedly sent large volumes of deceptive phishing emails to public and private organisations.

These emails were designed to look like official notices, including fake tax audit alerts, subsidy-related messages and mandatory corporate meeting links.

Once employees clicked the malicious files, the attackers reportedly gained access to systems and mapped internal company hierarchies.

This information was then used to build realistic financial fraud scenarios.

Over 7 Million Yuan Allegedly Stolen

According to investigators, the network successfully siphoned more than 7 million yuan, or around $1 million, from compromised business accounts.

Jilin police have taken criminal compulsory measures against Chen and 26 other suspects as part of the ongoing investigation.

Authorities are continuing to examine the broader network, including malware infrastructure, stolen data routes and possible overseas connections.

How the Silver Fox Lure Worked

Cybersecurity specialists said the campaign relied heavily on social engineering.

Attackers allegedly spoofed government-style communications to make victims believe the messages were legitimate.

The malware payload was often disguised as ordinary files, folder shortcuts or recycle bin icons. Misleading extensions were used to trick users into opening infected files.

Once executed, the malware placed its components deep inside system directories and used process injection to run remote-control functions in memory.

This helped the Trojan avoid leaving obvious traces on the hard drive and made detection harder for basic scanners.
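The disguises described above (shortcut files and misleading extensions) can be screened for at the mail gateway or on a file share before anyone opens the file. The following is an added example, not code from the investigation or the advisory: the extension lists, the function name and the sample file names are assumptions, and the patterns checked are common ones chosen for illustration rather than details confirmed for this campaign.

```python
import re
import unicodedata

# Assumed lists: types that launch something on double-click vs. types users treat as passive.
LAUNCHABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "msi", "hta", "lnk"}
DOCUMENT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}

def filename_flags(name: str) -> list[str]:
    """Return the reasons a file name looks like a disguised launcher (empty list = none)."""
    flags = []
    # Unicode format characters (category Cf, e.g. U+202E) can reorder how a name is displayed.
    if any(unicodedata.category(c) == "Cf" for c in name):
        flags.append("format-control-char")
    clean = "".join(c for c in name if unicodedata.category(c) != "Cf")
    parts = clean.lower().rstrip(". ").split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in LAUNCHABLE:
        if ext == "lnk":
            flags.append("shortcut")            # a shortcut posing as a folder or document
        if len(parts) > 2 and parts[-2].strip() in DOCUMENT:
            flags.append("double-extension")    # e.g. notice.pdf.exe
        if re.search(r"\s{4,}\.", clean):
            flags.append("padded-extension")    # real extension pushed out of view by spaces
    return flags

if __name__ == "__main__":
    # Constructed sample names, not taken from the case.
    for sample in ["tax_audit_notice.pdf.exe", "Subsidy list.lnk",
                   "invoice.xlsx", "report.pdf          .exe"]:
        print(f"{sample!r}: {filename_flags(sample) or 'ok'}")
```
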

Authorities Issue Security Advisory

China’s Ministry of Public Security has urged organisations to strengthen software download and email verification practices.

Employees have been advised to download business software only from official and verified domains.

Authorities also warned users to carefully check website URLs because attackers often use look-alike domains, unusual suffixes or small character changes to imitate trusted portals.

Any email or chat message promising subsidies, requesting SMS codes or demanding urgent action should be verified through a direct phone call or secure communication channel before any data is entered.
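The URL check the advisory asks for (look-alike domains, unusual suffixes, small character changes) can be automated against a list of portals the organisation actually uses. This is an added example, not part of the advisory: the allowlist, the host names and the distance threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of official portals (constructed for this example).
OFFICIAL = {"tax.example.gov", "bank.example.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str, official=OFFICIAL, max_dist: int = 2) -> str:
    """Label a URL's host as official, a kind of look-alike, or unknown."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "invalid"
    if host in official:
        return "official"
    # Internationalised labels can render as near-identical glyphs in a browser.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike:punycode"
    for good in sorted(official):
        # Trusted name used as a subdomain prefix of some other registrable domain.
        if host.startswith(good + "."):
            return "lookalike:embedded"
        g_name, _, g_suffix = good.rpartition(".")
        h_name, _, h_suffix = host.rpartition(".")
        if h_name == g_name and h_suffix != g_suffix:
            return "lookalike:suffix"           # same name, unusual suffix
        if 0 < edit_distance(host, good) <= max_dist:
            return "lookalike:typo"             # small character change
    return "unknown"

if __name__ == "__main__":
    for u in ["https://tax.example.gov/login", "https://tax.examp1e.gov/login",
              "https://tax.example.org/", "https://tax.example.gov.login.example.net/"]:
        print(u, "->", classify(u))
```

Hosts labelled "unknown" are not cleared; they are simply not close to anything on the allowlist and still need the out-of-band verification described above.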

What to Do if a System Is Compromised

Authorities said users should immediately disconnect a device from both wired and wireless internet if they notice suspicious behaviour such as:

  • Cursor movement without user input
  • Messaging apps sending links automatically
  • Unexpected pop-ups
  • Unknown files appearing
  • Sudden system slowdown

Affected users should change banking, email and social media passwords from a separate clean device.

They should also alert network administrators so the compromised system can undergo forensic review and antivirus cleaning.

Why Financial Record Security Matters

Cyberattacks targeting finance departments can cause major losses because attackers often gain access to payment credentials, invoices, vendor details and account records.

Businesses must maintain strong internal controls, clean transaction records and proper access logs to identify suspicious activity early. Professional bookkeeping services in India can help organisations keep financial data organised, track unusual transactions and support faster response during cyber fraud investigations.

Shunyatax Global Insight

At Shunyatax Global, we believe cybersecurity and financial discipline are now deeply connected. As malware campaigns increasingly target accounting and finance teams, businesses must protect both their digital systems and financial records.

For more updates on cybersecurity, financial fraud, compliance, taxation and business risk management, visit Shunyatax.in and stay connected with Shunyatax Global.
