
Dragon Breath's Latest Double-Clean-App Technique Targeting Gambling Industry

The Double-Clean-App Technique Explained

The Dragon Breath APT group is known for its sophisticated cyber-attacks on a wide range of industries, including the gambling industry. Recently, security researchers have uncovered the group's latest technique: the use of the double-clean-app method to evade detection and infiltrate targeted networks. 

The double-clean-app technique involves the use of two different types of malware, both designed to evade detection by traditional antivirus software. The first piece of malware is a "clean" version that appears harmless to security systems. It is often disguised as a legitimate application or file, such as a PDF document or a Microsoft Office file. 

Once the clean malware is downloaded and executed, it then downloads a second, more malicious piece of malware. "The attack is based on a classic side-loading attack, consisting of a clean application, a malicious loader, and an encrypted payload, with various modifications made to these components over time," said Sophos researcher Gabor Szappanos. "The latest campaigns add a twist in which a first-stage clean application 'side'-loads a second clean application and auto-executes it. The second clean application side-loads the malicious loader DLL. After that, the malicious loader DLL executes the final payload."
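The chain Szappanos describes (a clean application starting a second clean application, which side-loads the malicious loader DLL) leaves a recognisable shape in endpoint telemetry. The following added example, which is not code from the article or from Sophos, turns that shape into a detection check: the events, paths and file names are constructed here and loosely modelled on Sysmon process-create and image-load fields.

```python
from pathlib import PureWindowsPath

# Constructed sample telemetry, loosely modelled on Sysmon process-create and
# image-load fields. Nothing here comes from the real campaign.
EVENTS = [
    # stage 1: a clean, signed installer dropped in a user-writable directory
    {"type": "create", "pid": 200, "ppid": 100,
     "image": r"C:\Users\alice\Downloads\pkg\setup.exe", "signed": True},
    # stage 2: setup.exe auto-executes a second clean, signed binary beside it
    {"type": "create", "pid": 300, "ppid": 200,
     "image": r"C:\Users\alice\Downloads\pkg\helper.exe", "signed": True},
    # stage 3: helper.exe side-loads an unsigned DLL from the same directory
    {"type": "load", "pid": 300,
     "dll": r"C:\Users\alice\Downloads\pkg\plugin.dll", "signed": False},
    # benign: a signed system DLL loaded from System32 must not be flagged
    {"type": "load", "pid": 300,
     "dll": r"C:\Windows\System32\kernel32.dll", "signed": True},
]

# Directories where an EXE loading a DLL that sits next to it is expected.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def parent_dir(path):
    return str(PureWindowsPath(path).parent).lower()

def in_trusted_root(path):
    return path.lower().startswith(TRUSTED_ROOTS)

def find_double_clean_chains(events):
    """(stage1, stage2, dll) triples: a signed process, spawned by another signed
    process from the same user-writable directory, loads an unsigned DLL there."""
    procs = {e["pid"]: e for e in events if e["type"] == "create"}
    hits = []
    for e in events:
        if e["type"] != "load" or e["signed"]:
            continue  # only unsigned image loads are of interest
        child = procs.get(e["pid"])
        parent = procs.get(child["ppid"]) if child else None
        if child is None or parent is None or in_trusted_root(child["image"]):
            continue
        d = parent_dir(child["image"])
        if (parent_dir(e["dll"]) == d and parent_dir(parent["image"]) == d
                and child["signed"] and parent["signed"]):
            hits.append((parent["image"], child["image"], e["dll"]))
    return hits

if __name__ == "__main__":
    for stage1, stage2, dll in find_double_clean_chains(EVENTS):
        print(f"side-load chain: {stage1} -> {stage2} -> {dll}")
```

In real telemetry the `signed` flag would come from the sensor's Authenticode verification rather than from the event record itself.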

Dragon Breath APT Group's Attacks on the Gambling Industry

The second piece of malware is designed to infiltrate the targeted network and steal sensitive data, such as usernames, passwords, and financial information. It can also create backdoors for future attacks or damage the network's infrastructure.

QiAnXin reported on Operation Dragon Breath, also known as APT-Q-27 and Golden Eye, in 2020. That report described a watering hole campaign aimed at deceiving users into downloading a trojanized Windows installer for Telegram. The Dragon Breath APT group has since been using the double-clean-app technique to target the gambling industry. This industry is particularly exposed to cyber-attacks because of its reliance on online transactions and its storage of sensitive customer data.

The group's attacks on the gambling industry have been highly sophisticated, combining multiple techniques to evade detection. The group has also used social engineering to trick employees into downloading malware or disclosing sensitive information.

Strengthening Cybersecurity Measures for the Gambling Industry

Beyond direct financial losses, a breach can lead to a loss of customer trust and reputational damage. Customers may be hesitant to continue using a platform that has been compromised, and regulatory authorities may impose fines or sanctions.

To protect against these types of attacks, companies in the gambling industry must implement robust cybersecurity measures. This includes regular training for employees on how to identify and avoid phishing attacks, the use of advanced antivirus software, and the implementation of multi-factor authentication. 

Companies should also regularly conduct penetration testing and vulnerability assessments to identify any weaknesses in their systems. This will allow them to proactively address potential security issues before they are exploited by threat actors.