Glupteba targets Windows machines and protects itself using blockchain technology. According to Google, the Glupteba botnet currently involves approximately one million compromised Windows devices worldwide and at times grows at a rate of thousands of new devices per day.
Glupteba, Google said in its blog, is notorious for stealing users’ credentials and data, mining cryptocurrencies on infected hosts, and setting up proxies to funnel other people’s internet traffic through infected machines and routers.
A botnet is a network of internet-connected devices that have been infected with malware that places them under the control of bad actors. The operators can then use the infected devices for malicious purposes, such as stealing your sensitive information or committing fraud through your home network.
On Tuesday, Google took action to disrupt Glupteba. Google said it has disrupted key command and control infrastructure with industry partners, which means that “those operating Glupteba should no longer have control of their botnet — for now.”
Google also decided to take legal action against its operators.
“Our litigation was filed against the operators of the botnet, who we believe are based in Russia. We filed the action in the Southern District of New York for computer fraud and abuse, trademark infringement, and other claims. We also filed a temporary restraining order to bolster our technical disruption effort. If successful, this action will create real legal liability for the operators,” Google said.
According to the company, Glupteba’s use of blockchain technology as a resiliency mechanism is becoming a more common practice among cybercrime organizations.
“The decentralized nature of blockchain allows the botnet to recover more quickly from disruptions, making them that much harder to shut down. We are working closely with industry and government as we combat this type of behavior so that even if Glupteba returns, the internet will be better protected against it,” Google said.