China Chopper

From Wikipedia, the free encyclopedia
Web shell

China Chopper is a web shell approximately 4 kilobytes in size, first discovered in 2012. This web shell is commonly used by malicious Chinese actors, including advanced persistent threat (APT) groups, to remotely control web servers. It has two parts: the client interface (an executable file) and the receiver host file on the compromised web server.

China Chopper has many command and control features, such as a password brute-force attack option, code obfuscation, file and database management and a graphical user interface.[1][2][3][4] It was originally distributed from the website www.maicaidao.com, which is now down. FireEye revealed that the client of this web shell is programmed in Microsoft Visual C++ 6.0.

China Chopper was used in attacks against eight Australian web hosting providers, which were compromised due to their use of an unsupported operating system (Windows Server 2008). Hackers connected the web servers to a Monero mining pool, through which they mined about 3868 AUD worth of Monero.[5]

In 2021, a version of the web shell programmed in JScript was used by the advanced persistent threat group Hafnium to exploit four zero-day vulnerabilities in Microsoft Exchange Server, in the 2021 Microsoft Exchange Server data breach. The web shell was dropped once one of these vulnerabilities was exploited, allowing the attackers to upload a program that ran with administrator privileges.[6] Knowing only the address of the .aspx file containing the script, an attacker could send an HTTP POST request carrying just a command, and the script would immediately execute that command with the JScript 'eval' function, allowing arbitrary code to run on the server.[7]
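The traffic pattern described above gives defenders a simple hunting heuristic: a dropped receiver file is never browsed to with GET, it only ever receives POSTs, often from a client that sends no User-Agent. The following is an added example, not code from the article or from any of the cited vendors; it parses a constructed IIS W3C log excerpt and flags .aspx paths that see POST-only traffic.

```python
from collections import defaultdict

# Constructed IIS W3C-style log excerpt (not real traffic). Spaces inside the
# User-Agent are written as '+' the way IIS does, so every row has 12 fields.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status cs-bytes
2021-03-05 10:00:01 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 203.0.113.7 Mozilla/5.0+(Windows+NT+10.0) 200 512
2021-03-05 10:00:03 10.0.0.5 POST /owa/auth/logon.aspx - 443 - 203.0.113.7 Mozilla/5.0+(Windows+NT+10.0) 302 940
2021-03-05 10:00:09 10.0.0.5 POST /images/help.aspx - 443 - 198.51.100.9 - 200 130
2021-03-05 10:00:14 10.0.0.5 POST /images/help.aspx - 443 - 198.51.100.9 - 200 142
2021-03-05 10:00:20 10.0.0.5 GET /owa/ - 443 - 203.0.113.7 Mozilla/5.0+(Windows+NT+10.0) 200 300
"""


def parse_iis_log(text):
    """Parse W3C extended log lines into dicts keyed by the #Fields header."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):
                rows.append(dict(zip(fields, parts)))
    return rows


def find_post_only_aspx(rows):
    """Flag .aspx paths that only ever receive POST requests.

    Legitimate pages are normally loaded with GET before any form is posted;
    a web shell receiver only gets commands POSTed at it. Returns
    {uri_stem: {"clients": [...], "no_user_agent": count_of_UA_less_posts}}.
    """
    methods, clients, no_ua = defaultdict(set), defaultdict(set), defaultdict(int)
    for r in rows:
        stem = r["cs-uri-stem"].lower()
        if not stem.endswith(".aspx"):
            continue
        method = r["cs-method"].upper()
        methods[stem].add(method)
        if method == "POST":
            clients[stem].add(r["c-ip"])
            if r["cs(User-Agent)"] == "-":
                no_ua[stem] += 1
    return {
        stem: {"clients": sorted(clients[stem]), "no_user_agent": no_ua[stem]}
        for stem, seen in methods.items()
        if seen == {"POST"}
    }


if __name__ == "__main__":
    for stem, info in find_post_only_aspx(parse_iis_log(SAMPLE_LOG)).items():
        print(f"POST-only .aspx endpoint {stem}: {info}")
```

Run against a real log the same way, then review each flagged path on disk: a small, recently written .aspx file that the deployment does not account for is the thing to triage.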

References

  1. "China Chopper". NJCCIC. Archived from the original on 13 January 2019. Retrieved 22 December 2018.
  2. "What is the China Chopper Webshell, and how to find it on a compromised system?". 28 March 2018. Archived from the original on 13 January 2019. Retrieved 22 December 2018.
  3. "Breaking Down the China Chopper Web Shell - Part I". Mandiant. Archived from the original on 13 January 2019. Retrieved 3 January 2022.
  4. "Breaking Down the China Chopper Web Shell - Part II". Mandiant. Archived from the original on 7 January 2019. Retrieved 3 January 2022.
  5. Stilgherrian. "Australian web hosts hit with a Manic Menagerie of malware". ZDNet. Archived from the original on 31 January 2019. Retrieved 17 March 2019.
  6. "ProxyLogon". ProxyLogon (in Chinese (Taiwan)). Retrieved 16 March 2021.
  7. "Exchange Cyberattacks Escalate as Microsoft Rolls One-Click Fix". threatpost.com. 16 March 2021. Retrieved 16 March 2021.
Retrieved from "https://en.wikipedia.org/w/index.php?title=China_Chopper&oldid=1200282081"