Background
On April 13, 2022, 360Netlab first disclosed the Fodcha botnet. After our
article was published, Fodcha suffered a crackdown from the relevant
authorities, and its authors quickly responded by leaving "Netlab pls leave me
alone I surrender" in an updated sample.No surprise, Fodcha's authors didn't
really stop updating after the fraudulent surrender, and soon a new version was
released.
In the new version, the authors of Fodcha redesigned the communication protocol
and started to us