Large-Scale Cyberattack in Asia: BBIN Casino Provider Caught Distributing a Trojan Disguised as a VPN Browser
Infoblox and UN Research: Asian Casino Software Developer BBIN Spreads a Trojan
Cybersecurity experts at Infoblox, together with UN representatives, have uncovered a large-scale malware campaign organised by Asian software developer BBIN (Baoying Group). The company, based in the Philippines and Cambodia, uses illegal online casinos in Southeast Asia to distribute the Trojan.
The attackers invite players to download the so-called "Universe Browser". The browser is advertised as a VPN tool needed to bypass regional blocks and gain access to gambling sites.
However, as the researchers found out, the program is a Trojan. Once installed, Universe Browser intercepts absolutely all of the user's Internet traffic and redirects it through servers located in China. The software steals sensitive data and also functions as a keylogger, recording all keystrokes. Infoblox suggests that the number of installations of this malicious software is in the millions.
Connection with the Triads and methods of camouflage
The 'Universe' Trojan browser effectively disguises itself as the legitimate Google Chrome and uses advanced techniques to bypass antivirus programs. Communication with its C&C servers is encrypted.
The investigation also shed light on the activities of BBIN itself. It has been established that it serves both legal iGaming operators and criminal structures accused of money laundering and even human trafficking. In addition, BBIN has been linked to Asian organised crime, in particular the Suncity group and other triads.
The alarming fact is that, according to the report, the malicious browser has been in operation since at least 2014 and continues to be actively distributed through BBIN's extensive affiliate network.
Traffic through China, keylogger, bypassing antiviruses... It was not the students who wrote it. This is a serious office with support for triads. And if BBIN works with legal operators, then where is the guarantee that this "Universe" is not pushed on legal sites either?
Well, what did you want from illegal casinos? Either complete idiots or gambling addicts who don't care anymore go there.
Since 2014?? They have been stealing data for 10 years, and the UN has only now woken up? "Infoblox" is great, of course, but the scale...
Freaks!