Chinese tech companies Qihoo 360 and Baidu have teamed up in a fight against DoubleGuns, one of China's largest malware botnets that targets only users in China and is believed to have infected hundreds of thousands of victims to date.
DoubleGuns is a Windows malware that has been targeting Chinese users since 2017. While growing in size, the botnet has undergone a few changes in the past three years. The malware is mainly being spread via malicious apps shared on Chinese websites, with most being pirated games made available on Chinese social networks and gaming forums.
The main purpose of DoubleGuns is to deliver MBR and VBR bootkits on infected devices, install various malicious drivers, and then steal credentials from local apps, such as Steam. The malware can also act as adware and is able to hijack QQ accounts to spread ads to the victim's friends via private messages, ZDNet wrote.
In a recent blog post Qihoo said that since May 14 it has been working with the Baidu security team to disrupt the DoubleGuns botnet operations. The companies’ joint efforts resulted in the takedown of some of the botnet's backend infrastructure, most of which has been using Baidu's Tieba image hosting service.
Qihoo said that for the past three years DoubleGuns has been downloading images from the Tieba service. The malware used a technique known as steganography to conceal malicious code in images. This code was used to provide DoubleGun bots with instructions of what operations to perform on the infected hosts.
For the past two weeks Qihoo and Baidu have been working on identifying and taking down malicious images and logging connections from infected hosts, which gave them insight into a real size of the botnet, currently estimated at "hundreds of thousands" of infected hosts.