Chinese Researchers Disrupt Malware Attack That Infected Thousands of PCs (Security News, May 2020)
Chinese security firm Qihoo 360 Netlab said it partnered with tech giant Baidu to disrupt a malware botnet infecting hundreds of thousands of systems.
In addition to hiding configuration files and malware inside images uploaded to Baidu Tieba - a technique called steganography - the group has begun using Alibaba Cloud storage to host configuration files and Baidu's analytics platform Tongji to track the activity of its infected hosts, the researchers said.
Once the user downloads and installs the patch, it reads the aforementioned configuration information to download a separate program named "Cs.dll" from Baidu Tieba, where it is stored disguised as an image file.
Qihoo researchers also detailed a second infection chain in which game client software is altered with malicious libraries, using a method called DLL hijacking to drop and load the malicious driver before the legitimate module is loaded.
The company said it reached out to Baidu's security team on May 14 and that they jointly took action to prevent the further spread of the botnet by blocking all downloads from the URLs involved.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/-MF2wJMUbps/chinese-botnet-malware.html