- Aug 17, 2014
Google’s Threat Analysis Group (TAG) has disrupted the blockchain-enabled botnet known as Glupteba, which is made up of around 1 million compromised Windows and internet of things (IoT) devices. In tandem, Google also filed a lawsuit against the botnet’s operators.
Glupteba, already a formidable presence worldwide, grows at a rate of thousands of new devices per day, according to TAG. It spreads via fake pirate software, fake YouTube videos, malicious documents, traffic distribution systems and more, researchers said. Once installed, it sets about stealing users’ credentials and data, mining cryptocurrencies on infected hosts, and setting up proxies to funnel other internet traffic through infected machines and routers.
“And at any moment, the power of the Glupteba botnet could be leveraged for use in a powerful ransomware or distributed denial-of-service (DDoS) attack,” Google noted in its lawsuit, shared with Threatpost on Tuesday.
“While analyzing Glupteba binaries, our team identified a few containing a git repository URL: git.voltronwork[dot]com,” researchers explained. “This finding sparked an investigation that led us to identify, with high confidence, multiple online services offered by the individuals operating the Glupteba botnet. These services include selling access to virtual machines loaded with stolen credentials (dont[.]farm), proxy access (awmproxy), and selling credit-card numbers (extracard) to be used for other malicious activities such as serving malicious ads and payment fraud on Google Ads.”
To defang the beast, TAG disrupted “key command-and-control infrastructure so those operating Glupteba should no longer have control of their botnet — for now,” the group’s vice president of security Royal Hansen and general counsel Halimah DeLaine Prado said in a Tuesday posting.
Google Takes Down Glupteba Botnet; Files Lawsuit Against Operators
The malware's unique blockchain-enabled backup C2 scheme makes it difficult to eliminate completely.