Google Disrupts Blockchain-based Glupteba Botnet; Sues Russian Hackers

Google recently announced that it has taken action against the botnet known as Glupteba, effectively disrupting the operations of this giant malware downloader and distributor. The botnet infected over one million Windows computers globally.

The botnet stored its command-and-control server addresses on Bitcoin’s blockchain. This makes it easier for the botnet to recover from disruptions and makes it very difficult to shut down. Through its downloaded modules, the malware stays invisible to antivirus software.

Google’s Threat Analysis Group & Cybercrime Investigation Group Partner Up in This Operation

The Cybercrime Investigation Group and Google’s Threat Analysis Group (TAG) joined forces this year to stop over 63 million Google Docs, 1,183 Google Accounts, 908 Cloud Projects, and 870 Google Ads accounts that distributed the malware or were associated with its distribution.

Google’s TAG team also worked with internet infrastructure and hosting providers, such as Cloudflare. Together they placed warning labels in front of the domains involved.

Google also announced its lawsuit against two Russian citizens, Dmitry Starovikov & Alexander Filippov. They are believed to be managing the botnet along with 15 other defendants. Google branded the team as a “modern technological and borderless incarnation of organized crime.” The pair are accused of breaking several laws such as:

  • The Racketeer Influenced and Corrupt Organizations Act (RICO)
  • Computer Fraud and Abuse Act
  • Electronic Communications Privacy Act
  • Lanham Act
  • Tortious interference of business relationships (obtaining unjust enrichment)

What is the Botnet Glupteba Accused Of?

The giant botnet Glupteba is accused of:

  • Stealing user credentials and cookies
  • Mining cryptocurrencies on infected hosts
  • Deploying and operating proxy components that target Windows systems and IoT devices globally 

How Does Glupteba Work?

The modular botnet Glupteba disguises itself as free software and often appears on sketchy third-party software or online movie streaming sites. After installation, it can illicitly access your PC to retrieve additional components and carry out criminal schemes such as:

  • Stealing personal data and selling it to third parties on “Dont[.]farm.”
  • Selling credit cards for fraudulent purchases from Google Ads or other services
  • Selling unauthorized access as residential proxies through “AWMProxy[.]net” to hide the activities of bad actors
  • Initiating disruptive pop-ups on infected devices and hijacking their power for crypto mining operations

The Glupteba malware will download different modules on an infected device to perform specialized tasks. One example is spreading the infection from a Windows PC to a MikroTik router found on internal networks.

The stolen personal information related to Google and Facebook advertising accounts was sold on “Dont[.]farm”. The victims’ accounts would then be used to place ads with the botnet, leaving the victims with the financial damage. The malware would use the victim’s money for the ads to spread itself further while remaining undetected.

How To Protect Yourself From Cybercriminals?

Though Google disrupted the Glupteba botnet, the threat is still there. Other cybercriminals are imitating its features. To remain safe and protect yourself from would-be cybercriminals and hackers, you should:

Consult Reviews and Choose a Good Antivirus and VPN Provider

If you already have an antivirus, consult online reviews to see how it stands up against newly emerging online threats. If you go through online blogs and read VPN reviews, you will understand how beneficial VPNs are. See which are the top VPN providers around. If any provider catches your eye, search for its name on Google.

For example, you can search for “NordVPN review”, or your antivirus name followed by “review”, to get the latest online opinions. A VPN will help keep your data encrypted, giving you that classic internet anonymity like it was back in the day.

Avoid Downloading Suspicious Files or Accessing Suspicious Links

It’s very tempting to download that latest movie, album, or game when it’s presented to you. Yet this will most likely end badly for you: you can end up with some nasty malware on your PC. The same holds true for accessing suspicious links. It’s better to be safe than sorry. Do your research properly before doing anything, or better, don’t risk it online at all. It isn’t worth it.

Don’t Use Your PC With Administrator Privileges & Keep Updating Your Software

Consider creating a different user with limited privileges on your PC. If your PC is infected, the virus will act with that user’s privileges, so the fewer, the better. Also, make sure to keep Windows, your apps, and other software, such as your antivirus, up to date. Outdated software can act as a gateway for hackers and cybercriminals to breach your security.

