APT / THREAT GROUP
YoungLotus
3
aliases
Last seen:Mar 17, 2026
Intelligence Profile
Simple malware with proxy/RDP and download capabilities. It often comes bundled with installers, in particular in the Chinese realm.
PE timestamps suggest that it came into existence in the second half of 2014.
Some versions perform checks of the status of the internet connection (InternetGetConnectedState: MODEM, LAN, PROXY), some versions perform simple AV process-checks (CreateToolhelp32Snapshot).
Threat Analysis
YoungLotus is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
External References
Quick Facts
TypeAPT / Threat Group
Aliases3
Also Known As
win.younglotusDarkShareYoungLotus
External Intelligence
Malpedia: win.younglotusResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.