Because Chinese users usually hang out in their own corner of the internet, behind the Great Firewall, we tend to forget that they are also targeted by malware on a daily basis; albeit different malware, and not usually the same that targets everyone else.
For the past three years, the DoubleGuns trojan has emerged to take the crown as one of China's largest malware botnets.
In an interview with ZDNet earlier today, Chinese antivirus vendor Qihoo 360 says DoubleGuns is exclusively found in China and is believed to have infected hundreds of thousands of Chinese users at the time of writing, with millions of historical infections over the past years.
What is DoubleGuns
DoubleGuns is a malware trojan that targets Windows devices. The malware has been operating since July 2017 when Qihoo researchers spotted the first samples distributed in the wild.
As mentioned above, the trojan targets Chinese users exclusively, and this is very clear when analyzing the malware's source code, which includes functions to disable security software, most of which are Chinese antivirus products.
Qihoo and Baidu temporarily disrupt DoubleGuns
In a blog post last week, Qihoo 360 says it recently teamed up with fellow Chinese tech giant Baidu to disrupt the botnet's operations, which have grown too large to be ignored.
Qihoo says that since May 14, they've been working with Baidu in a joint operation to take down some of the botnet's backend infrastructure, most of which has been using Baidu's Tieba image hosting service.
According to Qihoo, for the past three years, DoubleGuns has been downloading images from the Tieba service. The images contained secret code (hidden inside the image using a technique known as steganography) that provided DoubleGun bots with instructions of what operations to perform on the infected hosts.
Qihoo and Baidu say that for the past two weeks, they've been taking down images used by DoubleGuns and logging connections from infected hosts, which is how they found about the botnet's massive size, currently estimated at "hundreds of thousands" of infected computers.
The disruption is considered temporary, as other parts of the botnet's infrastructure are still running, and the botnet's operators are still at large.
The 15 top malware threats facing you and your organisation