The Glupteba botnet, which already controls over 1 million Windows systems around the world, has been taken down by Google. Glupteba, a modular, blockchain-enabled malware, has been active since 2011.
Google took over the operators' key command and control (C2) infrastructure. The botnet also relies on a backup mechanism based on the Bitcoin blockchain for added resilience, which lets it recover even after its key C2 servers stop responding.
Researchers suspect that Glupteba operators may try again using a backup C2 mechanism to reclaim control of the botnet.
Among the services they offered online, the operators were selling access to VMs filled with stolen credentials, proxy access, and credit card numbers used for running malicious ads and committing fraud on Google Ads.
In addition, Google has initiated legal actions to halt Glupteba’s operations.
Google has filed a temporary restraining order and a complaint against two Russians (Dmitry Starovikov and Alexander Filippov) and 15 other unidentified individuals.
According to the complaint, the 17 people were running and coordinating attacks with the aim of stealing user credentials and credit card information, as well as selling ad placement and proxy access.
The accused also offered cryptomining, fraud, trademark infringement, and other scams.
Concluding Words
Cybercriminals are increasingly using blockchain technology to orchestrate large-scale cyberattacks. The botnet can quickly recover from disruptions due to the blockchain’s decentralized nature. As a result, private organizations and governments should collaborate in order to combat such threats.