
Trojan Infects Computers at 9 Universities, 60 Internet Cafés

A trojan known as XinGe (鑫哥) has infected at least 75,000 computers at nine universities and over 60 Internet cafes in China. The campaign is believed to have started in September 2018, with the majority of the infections located in Guangdong province. The initial infection vector is unknown, but the trojan is downloaded using publicly available software known as the Ruiqi diskless system. XinGe is capable of hijacking websites by tampering with DNS network settings. This allows hackers to steal host information such as machine name, MAC address, intranet IP, and external network IP. The trojan also monitors QQ communication after stealing login credentials and retrieving QQ chat logs.

[1] XinGe Trojan Hijacks over 60 Internet Cafes, Affects Computers in 9 Universities (Translated)

Ensign InfoSecurity Singapore
6 Commonwealth Lane
Singapore 149547

Tel: +65 6788 2882
Fax: +65 6788 3883