Background
On April 13, 2022, 360Netlab first disclosed the Fodcha botnet. After our
article was published, Fodcha suffered a crackdown from the relevant
authorities, and its authors quickly responded by leaving "Netlab pls leave me
alone I surrender" in an updated sample. Unsurprisingly, Fodcha's authors did not
actually stop updating after the fraudulent surrender, and a new version was soon
released.
In the new version, the authors of Fodcha redesigned the communication protocol
and started to us