DoubleGuns Botnet Description
The DoubleGuns Botnet is a threat that operates in China exclusively, and cybersecurity researchers suspect that it might have infected over 100,000 computers during the peak of its activity. The payloads that the DoubleGuns Botnet delivers have been changed multiple times, and it is not yet clear whether the botnet's original authors are spreading their own malware or offering paid propagation services to other cybercriminals in the region. The initial infection with the DoubleGuns Trojan usually occurs when Chinese users try to download and install a pirated game that was advertised on various social media sites and forum boards popular in China – this appears to be the malware propagation technique that DoubleGuns Botnet's authors prefer.
Once active, the DoubleGuns Botnet would complete one of the following routines on the infected machines:
- Install a rootkit or a fake corrupted driver that would contain a piece of malware. Usually, the botnet gang focuses on collecting credentials from various applications, but they seem to place particular emphasis on gaming platforms like Steam.
- The DoubleGuns Botnet can be used for click-fraud – it can inject advertisements in Web browsers, or hijack the victim's QQ account to send private spam messages to their friends.
- Last but not least, the DoubleGuns Botnet could redirect the users whenever they try to access specific e-commerce sites.
Cybersecurity researchers in China were able to disrupt DoubleGuns Botnet's activity temporarily by identifying the trick that the hackers used to feed commands to their bots – infected machines would download a specially crafted image hosted on the public Tieba service. The botnet payload was able to extract the attacker's instructions from the image, and then execute them – by taking down the images used to control the DoubleGuns Botnet, experts have been able to slow down its activity for now.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to DoubleGuns Botnet may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.