DoubleGuns, a Windows malware that has exclusively targeted Chinese users since 2017, is now being hindered by Qihoo and Baidu. DoubleGuns is multi-purpose malware that has infected hundreds of thousands of systems to date. It is distributed through various sources such as pirated games, and once installed it steals credentials, serves ads, sends spam and even hijacks traffic from e-commerce sites. This botnet's operations are now being disrupted by the two Chinese tech firms.
The Chinese Exclusive Malware
We've seen much of the popular malware originating from China, but if you think China itself is free from such infections, you're wrong. Although the country has its own walled-off internet space, cybercriminals prey on that closed community for profit just as they do elsewhere. After all, it is a country with hundreds of millions of people using smartphones and computers, and thus a profitable bet.
And the ones cashing in on this situation are the authors behind DoubleGuns. It is Windows malware that targets Chinese users exclusively. It spreads via various channels, such as free pirated games, and infects users' PCs with VBR and MBR rootkits, which it then uses to install various malicious drivers and ultimately steal users' login credentials.
Apart from stealing credentials, it also acts as adware and a spamming tool. It even hijacks users' QQ accounts to spread via private messages and serve their friends' devices with ads too! While these capabilities are in the new version, older versions were found hijacking traffic from e-commerce sites and even redirecting users to cloned sites for phishing attacks.
Disrupting the operation
And now the Chinese cybersecurity firm Qihoo and the domestic search engine giant Baidu have teamed up to block some of the malware's operations. The firms found that DoubleGuns relies on steganography as part of its operations, so disrupting that channel disrupts the whole process.
Steganography is the practice of hiding information inside an innocuous carrier such as an image, so that the file still looks like an ordinary picture while carrying extra data that can be used for malicious purposes. Here, DoubleGuns leverages steganography to receive commands for its operations on an infected host: the commands are hidden inside downloaded images.
These images are downloaded from Baidu's Tieba service. So Baidu and Qihoo are now identifying and taking down the images used by DoubleGuns and logging connections from infected hosts. This is how they realised the scale of DoubleGuns' infections: hundreds of thousands of hosts!