Zhanhao Chen

Jan 12, 2024 | unit42.paloaltonetworks.com | Lee Wei Yeong |Zhanhao Chen |Yang Ji |Qi Deng

This post is also available in: 日本語 (Japanese)Executive SummaryDuring our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar. This activity led us to conduct an in-depth investigation on the associated APK files. Our research revealed a family of malicious APKs targeting Chinese users that steals victim information and conducts financial fraud.

Oct 16, 2023 | unit42.paloaltonetworks.com | Zhanhao Chen |Fang Liu |Yang Ji |Qi Deng

Executive SummaryWe recently detected a new campaign from the XorDDoS Trojan that led us to conduct an in-depth investigation that unveiled concealed network infrastructure that carries a large amount of command and control (C2) traffic. When we compared the most recent wave of XorDDoS attacks with a campaign from 2022, we found the only difference between the campaigns was in the configuration of the C2 hosts.