Gamers beware. Chinese cybersecurity researchers recently reported a malicious botnet campaign that infected hundreds of thousands of systems. The campaign spread its malware through pirate gaming portals.
The attack has been traced back to a China-based cybercrime group called DoubleGun, which has amassed thousands of bots that it controls remotely through public cloud services like Alibaba and Baidu Tieba. The group compromises Windows computers using MBR and VBR bootkits. It installs malicious drivers on the compromised computers for financial gain and diverts their web traffic to e-commerce websites.
Beware of downloading games from illegal websites
Unsuspecting users were tricked into installing game-launching software from illegal and pirated gaming portals. They were led to believe they were downloading a patch for their game when, in reality, they were downloading malicious code.
Once the patch is installed, the malicious code accesses configuration information and downloads another program, which is saved as an image file. This program creates a bot ID and reports back to the attacker’s server. It also installs another driver that hijacks system processes to download more payloads and ensures that the infected systems can be controlled to do the group’s bidding.
DoubleGun’s coordinated operations
For background, the DoubleGun cybercrime group has been around since 2017. It has specifically targeted gamers in China over the years by distributing malware through sketchy gaming apps shared on Chinese websites. The group also uses Chinese online services like Alibaba’s Cloud Storage and Baidu Tieba to host configuration files and coordinate with infected systems, showing the extent of its reach.
It took a coordinated operation to identify this botnet campaign, which had already affected thousands of personal computers. While this campaign was found across the Chinese online sphere, gamers in other countries should not rest easy. Malicious botnets are commonly used to target personal computers, especially through the tactics used by DoubleGun. That is why everyone, whether an avid gamer or just a normal PC user, must take precautions.
1. Say no to piracy…always
Not only will you be helping game creators and preventing theft, you’ll also be at less risk of getting malware on your system. Like DoubleGun, many cybercrime gangs use pirated games or other software to inject malware onto PC systems.
2. Be careful of sketchy/shady modifications
Avid gamers like to jazz up their games by installing various modifications or patches. While there’s no harm in that, it’s important to ensure that you get these mods or patches only from authentic, verified sources. Don’t download files from sketchy websites at all – in fact, it’s a good idea to check before opening a website that promises something that is too good to be true.
3. Keep your systems updated and secure
Download the latest patches and updates of your operating system and of all the games you actively play. Ensure you have a powerful and updated cybersecurity solution that can keep your system secure.
Quick Heal Total Security is an all-in-one security solution that meets all your cybersecurity needs. Enhanced Malware Protection keeps you safe from keyloggers, riskware, and other malicious programs while Web Security automatically detects potentially unsafe websites. Try Quick Heal Total Security and experience the Quick Heal advantage now.