Google’s efforts to stop the Glupteba botnet fail

Despite Google’s announcement in 2021 that it had taken down the infrastructure used by the Glupteba botnet and sued Russian nationals Dmitry Starovikov and Alexander Filippov for creating and operating the botnet, the Glupteba botnet remains active.

A large number of compromised Windows devices power the Glupteba botnet. The malware is capable of stealing user credentials and other information, mining cryptocurrencies, and converting devices into proxies. It secures its command and control (C&C) structure using cryptocurrency blockchains.

The malware, which is spread via fraudulent ads or software cracks, can also retrieve additional payloads that allow it to steal credentials, mine cryptocurrencies, and expand its reach by exploiting vulnerabilities in MikroTik and Netgear IoT devices.

It’s also an example of an unusual malware that has been using blockchain as a mechanism for command-and-control (C2) since at least 2019, making its infrastructure resistant to takedown attempts as a traditional server would.

The most recent campaign, which began in June 2022, is larger than previous ones because it employs over a dozen Bitcoin addresses and involves the use of Tor services for C&C operations.

The sources for this piece include an article in TheHackerNews.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web