'Glupteba' malware is back again, threatening millions of devices

The Glupteba botnet is reported to be still active despite Google's strict efforts to disrupt it.


Today, we reported that hackers target users with over 400,000 different malware files daily. However, a botnet called 'Glupteba', a malicious program that Google managed to take offline about a year ago, seems to be still active despite Google's disruption efforts.

Glupteba is still active despite disruption efforts of Google

Cybersecurity experts announced that they examined reverse-engineered Glupteba samples as well as TLS certificate records and blockchain transactions. The malware has been found to be active since spring 2022, and it is stated that it may again be part of a large-scale project.

The main purpose of Glupteba is known to be infecting as many devices as possible and using them to build a botnet. Botnets are often used for crypto mining operations and DDoS attacks, and are rented out as a service to other hackers online.

Google announced in December 2021 that it had taken action against the Glupteba botnet and its alleged operators, Dmitry Starovikov and Alexander Filippov, both Russian citizens. After filing a lawsuit against the two men, Google took down the botnet's command-and-control (C&C) infrastructure in collaboration with industry partners.

Glupteba disguises itself in Bitcoin blockchains

Glupteba often disguises itself as free software and finds its updated list of C2 servers via the Bitcoin blockchain. Besides making it financially easy to set up a C2 server, this makes the botnet very difficult to take down, because the Bitcoin blockchain is immutable.

Because transactions on the Bitcoin blockchain are open to everyone, they are traceable. By analyzing the transactions made, it can be found who is behind each address or transaction. So far, it has been revealed that Glupteba's operators use 15 Bitcoin addresses. The last address is said to have been activated in June 2022.
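How an analyst might pull embedded data out of transactions sent from watched addresses, as an added example that is not from the article or the researchers it cites. It assumes the C2 update is carried in an OP_RETURN output (the article does not say where in the transaction it lives), runs on a constructed transaction, and uses hypothetical function names.

```python
# Added example. Assumption: the C2 update rides in an OP_RETURN output.
PAYLOAD = b"CONSTRUCTED-PLACEHOLDER-PAYLOAD"  # constructed stand-in, not real data

def read_varint(buf, pos):
    """Decode a Bitcoin CompactSize integer; return (value, next_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def pushed_data(script):
    """Return the bytes of the first data push in a script fragment."""
    op = script[0] if script else 0
    if op <= 0x4B:                        # direct push of `op` bytes
        return script[1:1 + op]
    if op == 0x4C:                        # OP_PUSHDATA1: 1-byte length follows
        return script[2:2 + script[1]]
    if op == 0x4D:                        # OP_PUSHDATA2: 2-byte LE length follows
        return script[3:3 + int.from_bytes(script[1:3], "little")]
    return b""

def op_return_payloads(raw_hex):
    """List the data pushed by every OP_RETURN output of a raw transaction."""
    tx = bytes.fromhex(raw_hex)
    pos = 6 if tx[4:6] == b"\x00\x01" else 4       # version (+ SegWit marker/flag)
    n_in, pos = read_varint(tx, pos)
    for _ in range(n_in):
        script_len, pos = read_varint(tx, pos + 36)  # skip prev txid + index
        pos += script_len + 4                        # skip scriptSig + sequence
    n_out, pos = read_varint(tx, pos)
    found = []
    for _ in range(n_out):
        script_len, pos = read_varint(tx, pos + 8)   # skip 8-byte value
        script, pos = tx[pos:pos + script_len], pos + script_len
        if script[:1] == b"\x6a":                    # OP_RETURN marks a data output
            found.append(pushed_data(script[1:]))
    return found

def sample_tx_hex():
    """Build a constructed legacy transaction: one P2PKH output, one OP_RETURN."""
    p2pkh = b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac"
    data = b"\x6a" + bytes([len(PAYLOAD)]) + PAYLOAD
    tx = (b"\x01\x00\x00\x00\x01" + b"\x11" * 32 + b"\x00" * 4 + b"\x00" + b"\xff" * 4
          + b"\x02" + (1000).to_bytes(8, "little") + bytes([len(p2pkh)]) + p2pkh
          + (0).to_bytes(8, "little") + bytes([len(data)]) + data + b"\x00" * 4)
    return tx.hex()
```

Calling `op_return_payloads(sample_tx_hex())` returns the single constructed payload; on real traffic the extracted bytes would be an opaque blob to hand to further analysis.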

It's only a matter of time before Google takes new action against this malicious botnet. People using computers or phones are also advised to regularly scan their devices for viruses and not to download from unknown sources.