April 28, 2023
Google’s Threat Analysis Group (TAG) reported that it has interrupted the functioning of Glupteba, a sophisticated botnet. As a resiliency mechanism, the virus infected over one million Windows systems globally and placed its command-and-control server addresses on Bitcoin’s blockchain.
Over the past year, TAG collaborated with the CyberCrime Investigation Group to terminate approximately 63 million Google Docs that were found to have distributed malware. The organization also collaborated with internet infrastructure and hosting companies, such as Cloudflare, to demolish the virus by shutting down servers and putting interstitial warning pages in front of dangerous domains.
Google also filed a case against two Russians, Dmitry Starovikov and Alexander Filippov, who are accused of co-managing the botnet with 15 other unnamed defendants, calling the operation a “modern technological and borderless incarnation of organized crime.”
Glupteba has been observed stealing user passwords and cookies, mining cryptocurrency on compromised hosts, and deploying and operating proxy components targeting Windows computers and IoT devices. The botnet has been seen targeting victims in countries such as the United States, India, Brazil, and Southeast Asia.
The sources for this piece include an article in TheHackerNews.
