Malware defeated by Google rises from the ashes

The Glupteba malware botnet, which Google managed to take offline exactly a year ago, is back, and appears to be more resilient than before.

Cybersecurity researchers at Nozomi found TLS certificate registrations, blockchain transactions, and reverse-engineered Glupteba samples, which they say all point to a new, large-scale campaign that appears to have started last spring and is still alive and kicking.

Glupteba is described as a blockchain-enabled, modular malware whose goal is to mine cryptocurrency on infected endpoints, as well as to steal user credentials and cookies. It is also capable of deploying proxies, which the threat actors later sell as “residential proxies” to whoever is willing to pay.

Mining crypto

The malware usually disguises itself as free software, and gets an updated list of C2 servers via the Bitcoin blockchain. Since setting up a C2 server isn’t expensive or cumbersome, and the Bitcoin blockchain is immutable, taking the botnet down is quite the challenge.

However, transactions on the Bitcoin blockchain are public and pseudonymous, meaning anyone can track and analyze them, and possibly work out who is behind each address or transaction.
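The two paragraphs above make a defender's point: data written to the blockchain cannot be taken down, but it also cannot be hidden, so an analyst can watch the operators' addresses and pull out whatever they publish. The snippet below is an added example, not code from the article, Nozomi or Google. It decodes the data pushes of an OP_RETURN output script (the standard Bitcoin mechanism for embedding arbitrary bytes in a transaction) and scans a small set of constructed outputs for such payloads. The article does not describe how Glupteba encodes its server list, so the decoder assumes a plain OP_RETURN data push; the transaction ids and the `example.invalid` host in the sample data are constructed placeholders.

```python
"""Extract OP_RETURN payloads from Bitcoin output scripts (added example)."""
from typing import Dict, List, Optional

# Script opcodes per the Bitcoin protocol.
OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C   # next 1 byte is the push length
OP_PUSHDATA2 = 0x4D   # next 2 bytes (little-endian) are the push length
OP_PUSHDATA4 = 0x4E   # next 4 bytes (little-endian) are the push length


def parse_pushes(script: bytes) -> List[bytes]:
    """Decode the data pushes following OP_RETURN; raise ValueError if malformed."""
    pushes: List[bytes] = []
    i = 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 0x4B:            # direct push: opcode is the byte count
            n = op
        elif op == OP_PUSHDATA1:
            n = script[i]
            i += 1
        elif op == OP_PUSHDATA2:
            n = int.from_bytes(script[i:i + 2], "little")
            i += 2
        elif op == OP_PUSHDATA4:
            n = int.from_bytes(script[i:i + 4], "little")
            i += 4
        else:
            raise ValueError(f"unexpected opcode 0x{op:02x} in OP_RETURN script")
        if i + n > len(script):
            raise ValueError("push length exceeds script length")
        pushes.append(script[i:i + n])
        i += n
    return pushes


def op_return_payload(script_hex: str) -> Optional[bytes]:
    """Return the embedded bytes if the scriptPubKey is an OP_RETURN output, else None."""
    script = bytes.fromhex(script_hex)
    if not script or script[0] != OP_RETURN:
        return None
    return b"".join(parse_pushes(script[1:]))


def scan_outputs(outputs: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Scan (txid, scriptPubKey) records, as an explorer or a local node would
    list them for a watched address, and report every OP_RETURN payload found."""
    hits = []
    for out in outputs:
        payload = op_return_payload(out["scriptPubKey"])
        if payload is None:
            continue
        try:
            text: Optional[str] = payload.decode("ascii")
        except UnicodeDecodeError:
            text = None               # opaque bytes: likely encrypted or binary
        hits.append({"txid": out["txid"], "raw": payload.hex(), "text": text})
    return hits


# Constructed sample outputs: one ordinary P2PKH payment, one OP_RETURN with a
# readable host:port string, one OP_RETURN carrying opaque bytes.
SAMPLE_OUTPUTS = [
    {"txid": "tx-placeholder-1",
     "scriptPubKey": "76a914" + "00" * 20 + "88ac"},
    {"txid": "tx-placeholder-2",
     "scriptPubKey": "6a" + bytes([19]).hex() + b"example.invalid:443".hex()},
    {"txid": "tx-placeholder-3",
     "scriptPubKey": "6a4c20" + "ff" * 32},
]

if __name__ == "__main__":
    for hit in scan_outputs(SAMPLE_OUTPUTS):
        print(hit)
```

Watching the outputs of a known set of addresses this way gives a feed of every update the operators publish, which is the property the article relies on: immutability protects the list from removal, but it equally guarantees the defender a complete, timestamped history of it.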

So far, Glupteba’s operators are using 15 Bitcoin addresses, with the most recent one activated in June 2022. That means the reborn version has more addresses than the previous one, making it significantly more resilient. It was also said that the campaign is still ongoing. Furthermore, there are ten times more TOR hidden services being used as C2 servers. The most active address had 11 transactions, and reached out to 1,197 malware samples.

Glupteba’s previous malware botnet was taken down by Google in December 2021. The company managed to obtain a court order to seize the botnet’s infrastructure. It also filed complaints against two Russian operators, BleepingComputer reminds.

Let’s see how long Glupteba lasts this time around.

  • Here is our rundown of the best firewalls at the moment

Via: BleepingComputer