A campaign dubbed “Twin Flower” (a rough translation from Chinese) has been detected by Jinshan security researchers and described in a report published in Chinese. Trend Micro also analyzed related samples, which are detected as PUA.Win32.BoxMini.A, Trojan.JS.TWINFLOWER.A, and TrojanSpy.JS.TWINFLOWER.A. The files are believed to be downloaded unknowingly by users when they visit malicious sites, or dropped onto the system by other malware.
The files detected as the potentially unwanted application (PUA) PUA.Win32.BoxMini.A are either a component or the main executable of a music downloader that automatically downloads music files without user consent.
Source: Trend Micro