Google Takes Down Glupteba Botnet; Files Lawsuit Against Operators
Google’s Threat Analysis Group has disrupted the blockchain-enabled botnet known as Glupteba, which consists of roughly 1 million compromised Windows and Internet of Things (IoT) devices. According to Google’s researchers, Glupteba can expand at a rate of thousands of new devices per day. The botnet spreads via fake pirated software, YouTube videos, malicious documents, traffic distribution systems, and more. The malware’s design, which includes a backup command-and-control (C2) scheme that uses a blockchain, makes it difficult to eliminate completely. Once installed on a device, the malware steals credentials and data, mines cryptocurrencies, and sets up proxies that funnel other internet traffic through already-infected machines.
The Glupteba botnet could also be leveraged for powerful ransomware or distributed denial-of-service attacks, according to Google’s report on the situation. Google says the botnet’s operators also offer other cybercrime-as-a-service operations, including selling access to virtual machines loaded with stolen credentials, selling credit card numbers, serving malicious ads, and selling proxy access. For now, the operators behind Glupteba should no longer have control of their botnet.