ZxShell – aka Sensocode – is a remote access trojan backdoor that is available on the internet, especially on Chinese hacker websites. Once downloded, the backdoor can scan ports, work as a keylogger, execute a reverse command shell, generate SYN floods, and more techniques for the data exfiltration. It maintains persistence and can also infect other systems in the network. It was used by threat actor group 72 for cyber espionage operations. ZxShell has been used since at least 2004. Its detection and removal are quite difficult in a system as it has a variety of techniques that makes it undetectable. ZxShell RAT can be used to steal credentials and other sensitive data in the infected system.