The malware’s unique blockchain-enabled backup C2 scheme makes it difficult to eliminate completely.
Google’s Threat Analysis Group (TAG) has disrupted the blockchain-enabled botnet known as Glupteba, which is made up of around 1 million compromised Windows and internet of things (IoT) devices.
In tandem, Google also filed a lawsuit against the botnet’s operators.
Glupteba, already a formidable presence worldwide, grows at a rate of thousands of new devices per day, according to TAG. It spreads via fake pirated software, fake YouTube videos, malicious documents, traffic distribution systems and more, researchers said. Once installed, it sets about stealing users’ credentials and data, mining cryptocurrencies on infected hosts, and setting up proxies to funnel other internet traffic through infected machines and routers.
“And at any moment, the power of the Glupteba botnet could be leveraged for use in a powerful ransomware or distributed denial-of-service (DDoS) attack,” Google noted in its lawsuit, shared with Threatpost on Tuesday.
The botnet’s operators also offer a slate of underground cybercrime-as-a-service offerings.
“While analyzing Glupteba binaries,