Google switches off the Glupteba botnet and sued the operators
Blockchain technology is used for countless innovative applications of varying usefulness. It is not immune to abuse, however, and Russian hackers appear to have misused it to spread malware around the world. Google has taken action against the criminal group whose Glupteba botnet spread via the Bitcoin blockchain and infected millions of computers worldwide.
In a blog post, Royal Hansen, Vice President for Security at Google, announced that the company had taken action against Glupteba. He pointed out that the botnet had infected around a million Windows machines, making it one of the largest botnets in the world, and that thousands of new victims are added every day.
The operators of Glupteba use the botnet to steal login credentials and cookies, to install and run proxy components on Windows systems, and to mine cryptocurrencies on the infected computers. The malware primarily targets the USA, Brazil, India and other countries in Southeast Asia, but infections have been observed worldwide. Shane Huntley, head of Google’s Threat Analysis Group, shared more details in another blog post, stating:
“The Glupteba malware family is distributed primarily through pay-per-install (PPI) networks and traffic purchased from Traffic Distribution Systems (TDS). Over a period of time, we observed thousands of malicious Glupteba downloads every day.”
Glupteba is abusing Bitcoin’s blockchain
Glupteba uses the Bitcoin blockchain, which gives it an unprecedented level of resilience. Not only does this make the botnet difficult to shut down, it also lets the botnet re-establish itself quickly after a takedown such as the one Google has now carried out.
As soon as communication between the hackers and the botnet is broken, the infected machines automatically search the public Bitcoin blockchain for messages posted by the hackers that contain instructions on how to reconnect. According to Chainalysis, this is the first time a botnet has used such an approach. Hansen commented:
“Unfortunately, Glupteba’s use of blockchain technology as a fail-safe mechanism is remarkable here and is being used more and more frequently by criminal organizations on the Internet. The decentralized nature of the blockchain enables the botnet to quickly recover from countermeasures disruptions, which makes it very difficult to shut it down permanently.”
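The fallback mechanism described above relies on the bots reading data that the operators embed in ordinary Bitcoin transactions. From a defender's side, the same property cuts the other way: once a wallet address tied to a botnet is known, its transactions are public and can be watched for embedded payloads, which gives threat hunters the candidate rendezvous data before the bots act on it. The example below is added here for illustration and is not code from Google, Chainalysis or the article. It assumes the data is carried in an OP_RETURN output, which is the usual place arbitrary bytes are stored on the Bitcoin chain; the article does not say which transaction field Glupteba uses, so that is an assumption, and the transaction parsed here is constructed for the example rather than taken from the real chain.

```python
"""Extract OP_RETURN payloads from raw (legacy-serialized) Bitcoin transactions.

Added example, not code from the article or from Google. A defender who knows a
wallet address associated with a botnet can pull that address's transactions
from a node or block explorer as raw hex and run them through this to collect
whatever data the operators embedded (assumption: OP_RETURN outputs).
"""
import struct

OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C
OP_PUSHDATA2 = 0x4D
OP_PUSHDATA4 = 0x4E


def read_varint(buf: bytes, pos: int):
    """Decode a Bitcoin CompactSize integer; return (value, next_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    if first == 0xFD:
        return struct.unpack_from("<H", buf, pos + 1)[0], pos + 3
    if first == 0xFE:
        return struct.unpack_from("<I", buf, pos + 1)[0], pos + 5
    return struct.unpack_from("<Q", buf, pos + 1)[0], pos + 9


def parse_outputs(raw: bytes):
    """Return [(value_in_satoshis, scriptPubKey)] for a legacy transaction."""
    if raw[4] == 0x00 and raw[5] == 0x01:
        # Segwit serialization inserts a marker/flag after the version and a
        # witness section before locktime; this example only handles legacy.
        raise ValueError("segwit-serialized transaction not supported here")
    pos = 4  # skip 4-byte version
    n_in, pos = read_varint(raw, pos)
    for _ in range(n_in):
        pos += 32 + 4  # previous txid + output index
        script_len, pos = read_varint(raw, pos)
        pos += script_len + 4  # scriptSig + sequence
    n_out, pos = read_varint(raw, pos)
    outputs = []
    for _ in range(n_out):
        value = struct.unpack_from("<q", raw, pos)[0]
        pos += 8
        script_len, pos = read_varint(raw, pos)
        outputs.append((value, raw[pos:pos + script_len]))
        pos += script_len
    return outputs


def op_return_payload(script: bytes):
    """If script is 'OP_RETURN <push>', return the pushed bytes, else None."""
    if not script or script[0] != OP_RETURN:
        return None
    if len(script) == 1:
        return b""
    op = script[1]
    if 1 <= op <= 0x4B:            # direct push of 1..75 bytes
        n, start = op, 2
    elif op == OP_PUSHDATA1:
        n, start = script[2], 3
    elif op == OP_PUSHDATA2:
        n, start = struct.unpack_from("<H", script, 2)[0], 4
    elif op == OP_PUSHDATA4:
        n, start = struct.unpack_from("<I", script, 2)[0], 6
    else:
        return None                 # not a data push
    data = script[start:start + n]
    return data if len(data) == n else None   # reject truncated pushes


def find_embedded_data(raw: bytes):
    """All OP_RETURN payloads in one transaction, for an analyst to correlate."""
    found = []
    for _, script in parse_outputs(raw):
        payload = op_return_payload(script)
        if payload is not None:
            found.append(payload)
    return found


def build_sample_tx() -> bytes:
    """Constructed transaction: one dummy input, one OP_RETURN output, one P2PKH."""
    payload = b"botnet-c2.invalid"  # constructed; '.invalid' is a reserved TLD
    op_return_script = bytes([OP_RETURN, len(payload)]) + payload
    p2pkh_script = bytes([0x76, 0xA9, 0x14]) + b"\x22" * 20 + bytes([0x88, 0xAC])
    tx = struct.pack("<I", 1)                                  # version
    tx += b"\x01"                                              # one input
    tx += b"\x11" * 32 + struct.pack("<I", 0) + b"\x00" + b"\xff\xff\xff\xff"
    tx += b"\x02"                                              # two outputs
    tx += struct.pack("<q", 0) + bytes([len(op_return_script)]) + op_return_script
    tx += struct.pack("<q", 1000) + bytes([len(p2pkh_script)]) + p2pkh_script
    tx += struct.pack("<I", 0)                                 # locktime
    return tx


if __name__ == "__main__":
    for blob in find_embedded_data(build_sample_tx()):
        print(blob.hex(), blob)
```

In practice the collected payloads are rarely plaintext; the value of the step is that every one of them is a durable indicator that can be hashed, stored and matched against network telemetry, and that the watch can be automated against each new block rather than waiting for infected hosts to reveal where they reconnect.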
Glupteba also used Google's own resources to spread, and Google was forced to shut down some of those resources.
“We deleted around 63 million Google Docs distributed by Glupteba, 1,183 Google accounts, 908 cloud projects and 870 Google Ads accounts related to the distribution of Glupteba. In addition, Google Safe Browsing warned 3.5 million users before downloading a malicious file,” the company said.
Google has also taken legal action against 17 suspects alleged to be running the botnet. In its criminal complaint, the company accused two Russians – Alexander Filippov and Dmitry Starovikov – and 15 other people of computer fraud, trademark infringement and other offences.
One of the suspects, Filippov, was located in the Russian Federation Tower in Moscow. The New York Times reported earlier this week that US cybercrime investigators had traced several other gangs of hackers back to the building.