DoubleGun Group Builds Massive Botnet Using Cloud Services (Security News, May 2020)
An operation by the China-based cybercrime gang known as DoubleGun Group has been disrupted. The gang had amassed hundreds of thousands of bots, which were controlled via public cloud services including Alibaba Cloud and Baidu Tieba.
The gang used Alibaba Cloud storage and China's largest online community, Baidu Tieba, to host configuration files; and URL addresses hosted by Tencent Weiyun were used to manage the activity of the infected hosts, researchers said.
"Clicking the download link will jump to a corresponding private server homepage where users are supposed to be able to download a game-launching patch. When the user installs and launches the 'patch,' the malicious code accesses the configuration information server, and then downloads and dynamically loads the latest version of the malicious program named cs.dll from Baidu Tieba."
After the Bot ID is established, the DoubleGun Group uses standard fields within the Baidu statistics interface to report sensitive information about the host.
"Based on the massive threat intelligence, Baidu security anti-underground-economy platform had taken cooperative actions to calculate the botnet's infection, provide risk warnings to infected users and eventually blocked all the malware downloads," according to a media statement from Baidu.
News URL
https://threatpost.com/doublegun-massive-botnet-cloud-services/156075/