
Glupteba malware is back in action after Google disruption
2022-12-17 16:08

The Glupteba malware botnet has sprung back into action, infecting devices worldwide after its operation was disrupted by Google almost a year ago.

Nozomi now reports that blockchain transactions, TLS certificate registrations, and reverse engineering Glupteba samples show a new, large-scale Glupteba campaign that started in June 2022 and is still ongoing.

Glupteba is a blockchain-enabled, modular malware that infects Windows devices to mine for cryptocurrency, steal user credentials and cookies, and deploy proxies on Windows systems and IoT devices.

Glupteba utilizes the Bitcoin blockchain to evade disruption by receiving updated lists of command and control servers it should contact for commands to execute.
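As an added illustration (not code from the article, from Nozomi, or from the malware itself), the following Python helper recovers the raw bytes embedded in a Bitcoin transaction's OP_RETURN output, the standard way arbitrary data is carried in a transaction, and flags transactions spent from a watchlisted address. The page does not describe Glupteba's payload format or encoding, so the bytes are returned as-is for analysts to work with; the transaction layout used in `find_payloads` and the address in `SAMPLE_TX` are assumed, constructed values.

```python
from typing import Optional

OP_RETURN = 0x6A  # marks a provably unspendable data-carrier output
OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x4C, 0x4D, 0x4E

def extract_op_return(script_hex: str) -> Optional[bytes]:
    """Bytes pushed after OP_RETURN in a scriptPubKey, or None if the script
    is not an OP_RETURN output or a push is truncated/malformed."""
    script = bytes.fromhex(script_hex)
    if not script or script[0] != OP_RETURN:
        return None
    i, chunks = 1, []
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 75:  # direct push: the opcode is the length
            n = op
        elif op in (OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4):
            width = {OP_PUSHDATA1: 1, OP_PUSHDATA2: 2, OP_PUSHDATA4: 4}[op]
            if i + width > len(script):
                return None  # length field itself is cut off
            n = int.from_bytes(script[i:i + width], "little")
            i += width
        else:
            return None  # unexpected opcode inside a data output
        if i + n > len(script):
            return None  # push claims more bytes than the script holds
        chunks.append(script[i:i + n])
        i += n
    return b"".join(chunks)

def find_payloads(tx: dict, watchlist: set) -> list:
    """OP_RETURN payloads of a tx spending from a watchlisted address.
    The tx shape (inputs[].address, outputs[].script) is an assumed,
    constructed layout, not any real explorer API."""
    if not any(inp.get("address") in watchlist for inp in tx.get("inputs", [])):
        return []
    payloads = []
    for out in tx.get("outputs", []):
        data = extract_op_return(out.get("script", ""))
        if data is not None:
            payloads.append(data)
    return payloads

# Constructed sample: one watchlisted input, one OP_RETURN carrying 11 bytes.
SAMPLE_TX = {
    "inputs": [{"address": "WATCHED_ADDRESS_PLACEHOLDER"}],
    "outputs": [{"script": "6a0b" + b"hello world".hex()}],
}
```

Feeding real transactions from the addresses an investigation has attributed to the botnet through `find_payloads` yields the embedded blobs for further decoding; anything the decoder cannot parse cleanly is rejected rather than guessed.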

Nozomi also used passive DNS records to hunt for Glupteba domains and hosts, and examined the latest set of TLS certificates used by the malware to uncover more information about its infrastructure.

The Nozomi investigation identified 15 Bitcoin addresses used in four Glupteba campaigns, with the most recent one starting in June 2022, six months after Google's disruption.


News URL

https://www.bleepingcomputer.com/news/security/glupteba-malware-is-back-in-action-after-google-disruption/
