The malware establishes contact with a hard-coded remote server (“sbido[.]com:2869”), allowing it to steal web browser data, log keystrokes, extract clipboard contents, and other valuable information from the compromised host.

CNCERT/CC and ThreatBook noted that the Black Cat cybercrime syndicate has compromised about 277,800 hosts across China between December 7 and 20, 2025, with the highest daily number of compromised machines within the country scaling a high of 62,167.

To mitigate the risk, users are advised to refrain from clicking on links from unknown sources and stick to trusted sources for downloading software.