The only evidence to classify this as “Chinese malware” (unless I missed something) is this:
> The more discernible variant of this malware uses Chinese characters for variable names. Therefore, we can assume the origin of this malware is China.
But the screenshot showing “Chinese characters for variable names” clearly displays gibberish; some of those “characters” aren’t even valid characters. Anyone who can read some Chinese can confirm this. Therefore, it’s more likely an obfuscation technique designed to trick people who don’t bother to verify anything and quickly jump to conclusions.
Edit: Or just an obfuscating technique that replaces variable names with random code points. Otherwise non-gibberish would be used, presumably.
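
The check this comment describes can be automated. The following is an added example, not part of the original comment or the report it quotes: it classifies every non-ASCII code point in a script as unassigned, private-use, or a CJK ideograph, and counts how many ideographs belong to GB2312. Using GB2312 as a proxy for everyday simplified Chinese, the 0.5 threshold, and both sample strings are assumptions made for illustration.

```python
import re
import unicodedata

NON_ASCII_RUN = re.compile(r"[^\x00-\x7f]+")
# CJK Unified Ideographs and Extension A (ranges from the Unicode Standard).
CJK_RANGES = ((0x4E00, 0x9FFF), (0x3400, 0x4DBF))

def in_gb2312(ch):
    """True if ch is in GB2312 (assumed proxy for common simplified Chinese)."""
    try:
        ch.encode("gb2312")
        return True
    except UnicodeEncodeError:
        return False

def profile(source):
    """Classify every non-ASCII code point found in a script's text."""
    stats = {"cjk": 0, "common": 0, "unassigned": 0, "private_use": 0, "other": 0}
    for run in NON_ASCII_RUN.findall(source):
        for ch in run:
            cat = unicodedata.category(ch)
            if cat == "Cn":      # not a valid character at all
                stats["unassigned"] += 1
            elif cat == "Co":    # private-use area, no standard meaning
                stats["private_use"] += 1
            elif any(lo <= ord(ch) <= hi for lo, hi in CJK_RANGES):
                stats["cjk"] += 1
                stats["common"] += in_gb2312(ch)
            else:
                stats["other"] += 1
    return stats

def looks_random(stats, min_common=0.5):
    """Heuristic; min_common is an assumed threshold, not a standard value."""
    if stats["unassigned"] or stats["private_use"]:
        return True
    return stats["cjk"] > 0 and stats["common"] / stats["cjk"] < min_common

# Constructed samples, not taken from the malware discussed above.
READABLE = "var 用户名 = 1; var 下载文件 = 2;"
GIBBERISH = "var \u3435\u0378\u4d00 = 1; var \ue123\u3a7f\u9fa6 = 2;"

if __name__ == "__main__":
    for label, src in (("readable", READABLE), ("gibberish", GIBBERISH)):
        s = profile(src)
        print(label, s, "random-looking:", looks_random(s))
```

A "random-looking" result only indicates that the names were generated from arbitrary code points; neither outcome says anything about where the code came from.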