As a nation with the most significant human population, and possibly the largest concentration of internet users all over the world, the Chinese are frequent target of malware and hackers. Attacks happen daily , from hacking to data breaches, and of course, malware.
One particular malware has claimed its place over the top, as China’s most significant and quite possibly the most destructive type of trojan, believed to have infected hundreds of thousands of Chinese machines and devices over the last half-decade. DoubleGuns, a malware trojan specifically geared to attack Windows machines since 2017, when cybersecurity experts first observed it. For some reason, its attacks are concentrated mostly on Chinese users, which amounts to more than 2 billion.
This malware is resilient, having no significant change or upgrade for several years and still as lethal as ever. It’s highly effective and infects users with MBR and VBR toolkits, execute driver packages with malicious scripts, and stealthily acquire user accounts from apps and games within the system. Hackers inject apps and games with the malware package and shared throughout several Chinese networks and gaming forums. It can also be delivered via ads and other spam packages that usually pops up on a user’s machines. Then spread itself via messaging applications, pre-programmed and ready to hijack different user accounts on affected devices.
Another notable trait of malware is network traffic redirection. DoubleGuns can block traffic from official websites or business portals and redirect visitors or users to other similar-looking webpages that have been defaced or taken over by the hackers. All of these are possible according to the security researchers that have inspected the malware’s code, which highlights its capability to disable antivirus and firewall software on targeted machines.
There have been some efforts recently, from several Chinese security firms, looking to fend off attacks from this malware.
The infection and damages it caused are more than enough to get the attention of these firms, and they simply cannot let these fraudulent activities pass. Since the 2nd week of May, these cybersecurity firms have been working hand-in-hand to disable the back-end operations of the hackers and the DoubleGuns Trojan. And while their efforts are merely a disruption, they are slowly inching their way to the heart of the procedures and are confident that they will soon be able to put a stop to the malware once and for all.