Malware defeated by Google rises from the ashes

By Mobile Malls
December 19, 2022

The Glupteba malware botnet, which Google managed to take offline exactly a year ago, is back, and seems to be more resilient than before. Cybersecurity experts at Nozomi found TLS certificate registrations, blockchain transactions, as well as reverse-engineered Glupteba samples, which they say all point to a new, large-scale campaign that seems to have started last spring and is still alive and kicking.

Glupteba is described as a blockchain-enabled, modular malware whose goal is to mine cryptocurrency on the infected endpoints, as well as steal user credentials and cookies. Furthermore, it’s capable of deploying proxies, which the threat actors later sell as “residential proxies” to whoever is willing to pay.

Mining crypto

The malware usually disguises itself as free software, and gets an updated list of C2 servers via the Bitcoin blockchain. Because setting up a C2 server isn’t expensive or cumbersome, and the Bitcoin blockchain is immutable, taking the botnet down is quite the challenge. Still, transactions on the Bitcoin blockchain are public and pseudonymous, meaning anyone could track and analyze them, and possibly conclude who’s behind each address or transaction.

So far, Glupteba’s operators are using 15 Bitcoin addresses, with the most recent one being activated in June 2022. That means the reborn version has more addresses than the previous one, making it considerably more resilient. It was also said that the campaign is still ongoing. Furthermore, there are ten times more TOR hidden services being used as C2 servers. The most active address had 11 transactions, and reached out to 1,197 malware samples.

Glupteba’s previous malware botnet was taken down by Google in December 2021. The company managed to obtain a court order to seize the botnet’s infrastructure. It also filed complaints against two Russian operators, BleepingComputer reminds. Let’s see how long Glupteba lasts this time around.

Via: BleepingComputer