• About
  • Advertise
  • Careers
  • Contact
Monday, May 23, 2022
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Cyber Attacks

Chinese Researchers Disrupt Malware Attack That Infected Thousands of PCs

by Cyber360 News
May 27, 2020
in Cyber Attacks
0
Chinese Researchers Disrupt Malware Attack That Infected Thousands of PCs
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter

Chinese security firm Qihoo 360 Netlab said it partnered with tech giant Baidu to disrupt a malware botnet infecting over hundreds of thousands of systems.

The botnet was traced back to a group it calls ShuangQiang (also called Double Gun), which has been behind several attacks since 2017 aimed at compromising Windows computers with MBR and VBR bootkits, and installing malicious drivers for financial gain and hijack web traffic to e-commerce sites.

In addition to using images uploaded to Baidu Tieba to distribute configuration files and malware — a technique called steganography — the group has begun using Alibaba Cloud storage to host configuration files and Baidu’s analytics platform Tongji to manage the activity of its infected hosts, the researchers said.

The initial compromise relies on luring unsuspecting users to install game launching software from sketchy game portals that contain malicious code under the guise of a patch.

Chinese Botnet Malware

Once the user downloads and installs the patch, it accesses the aforementioned configuration information to download a separate program named “cs.dll” from Baidu Tieba that’s stored as an image file.

In the subsequent stages, “cs.dll” not only creates a bot ID and reports it back to the attacker-controlled server, but it also injects a second driver that hijacks system processes (e.g., lassas.exe and svchost.exe) in order to download next-stage payloads to advance the group’s motives.

Qihoo researchers also detailed a second infection chain wherein game client software is altered with malicious libraries (a modified version of photobase.dll), using a method called DLL hijacking to release and load the malicious driver before loading the legitimate module.

The company said it reached out to Baidu’s security team on May 14 and that they jointly took action to prevent the further spread of the botnet by blocking all downloads from the URLs involved.

“During this joint operation, through the analysis, sharing, and response of threat information, we have formed a better understanding of the technical means, logic, and rules of the Double Gun gang,” Baidu said.

Cyber360 News

Cyber360 News

Next Post
26M LiveJournal bloggers’ credentials a hit on dark web six years later

26M LiveJournal bloggers’ credentials a hit on dark web six years later

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In