DoubleGuns Botnet

Posted: June 1, 2020

DoubleGuns Botnet Description

The DoubleGuns Botnet is a threat that operates in China exclusively, and cybersecurity researchers suspect that it might have infected over 100,000 computers during the peak of its activity. The payloads that the DoubleGuns Botnet delivers have been changed multiple times, and it is not yet clear whether the botnet's original authors are spreading their own malware, or if they are offering paid propagation services to other cybercriminals in the region. The initial infection with the DoubleGuns Trojan usually occurs when Chinese users try to download and install a pirated game that was advertised on various social media sites and forum boards popular in China – this appears to be the malware propagation technique that DoubleGuns Botnet's authors prefer.

Once active, the DoubleGuns Botnet would complete one of the following routines on the infected machines:

  • Install a rootkit or a fake corrupted driver that would contain a piece of malware. Usually, the botnet gang focuses on collecting credentials from various applications, but they seem to place particular emphasis on gaming platforms like Steam.
  • The DoubleGuns Botnet can be used for click-fraud – it can inject advertisements in Web browsers, or hijack the victim's QQ account to send private spam messages to their friends.
  • Last but not least, the DoubleGuns Botnet could redirect the users whenever they try to access specific e-commerce sites.

Cybersecurity researchers in China were able to temporarily disrupt the DoubleGuns Botnet's activity by identifying the trick that the hackers used to feed commands to their bots – infected machines would download a specially crafted image hosted on the public Tieba service. The botnet payload was able to extract the attacker's instructions from the image, and then execute them – by taking down the images used to control the DoubleGuns Botnet, experts have been able to slow down its activity for now.

