Malware defeated by Google rises from the ashes

An illustration of Bitcoin with a financial value graph
(Image credit: eToro)

The Glupteba malware botnet, which Google managed to bring offline exactly a year ago, is back, and seems to be more resilient than before. 

Cybersecurity experts at Nozomi found TLS certificate registrations, blockchain transactions, as well as reverse-engineered Glupteba samples, which they say all point to a new, large-scale campaign that seems to have started last spring and is still alive and kicking.

Glupteba is described as a blockchain-enabled, modular malware, whose goal is to mine cryptocurrency on the infected endpoints, as well as steal user credentials and cookies. Furthermore, it is capable of deploying proxies, which the threat actors later sell as “residential proxies” to whoever is willing to pay.

Mining crypto

The malware usually disguises itself as free software, and gets an updated list of C2 servers via the Bitcoin blockchain. As setting up a C2 server isn’t expensive or cumbersome, and the Bitcoin blockchain being immutable as it is, taking the botnet down is quite the challenge. 

Still, transactions on the Bitcoin blockchain are public and pseudonymous, meaning anyone could track and analyze them, and possibly conclude who is behind each address or transaction.

So far, Glupteba’s operators are using 15 Bitcoin addresses, with the most recent one being activated in June 2022. That means the reborn version has more addresses than the previous one, making it somewhat more resilient. It was also said that the campaign is still ongoing. Furthermore, there are ten times more TOR hidden services being used as C2 servers. The most active address had 11 transactions, and reached out to 1,197 malware samples.

Glupteba’s previous malware botnet was taken down by Google in December 2021. The company managed to obtain a court order to seize the botnet’s infrastructure. It also filed complaints against two Russian operators, BleepingComputer reminds. 

Let’s see how long Glupteba lasts this time around.

Via: BleepingComputer

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A display showing off the Google TV homepage, with icons for 1917, Scoob!, YouTube and Twitch (among others)
This dangerous malware botnet now covers 1.6 million Android TVs - find out if you're at risk
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
BadBox malware hit after infecting over 500,000 Android devices
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Mac users targeted with new malware, so be on your guard
NordVPN
US hit with over 1.9 billion malware threats last year - here's how to stay safe
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Industrial routers are being hit by zero-days from new Mirai botnets
A person at a laptop with a cybersecure lock symbol floating above it.
Cybercrime gang targets victims with "triple threat" attacks
Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Latest in News
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Nespresso Vertuo Pop machine in Candy Pink with coffee drinks and capsules
My favorite Nespresso coffee maker just got a fresh new makeover, and now I love it even more
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC