8 December 2021

Google disrupts Glupteba botnet that infected 1 million Windows machines worldwide


Google has announced it has taken legal and technical action to disrupt operations of the blockchain-enabled botnet known as Glupteba that currently involves nearly 1 million infected Windows machines worldwide.

At times, Google says, it saw the infected network grow by about 1,000 devices per day. Glupteba is known for stealing users’ credentials and data, mining cryptocurrencies on infected hosts, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. The botnet was observed targeting victims worldwide, including the US, India, Brazil and Southeast Asia.

The Glupteba malware family is mainly distributed via pay-per-install (PPI) networks and via traffic purchased from traffic distribution systems (TDS). According to Google’s Threat Analysis Group (TAG), the team terminated around 63M Google Docs observed to have distributed Glupteba, along with 1,183 Google Accounts, 908 Cloud Projects, and 870 Google Ads accounts associated with its distribution.

As part of the technical action against the botnet, Google says it disrupted the botnet’s key command-and-control infrastructure, which should cripple the botnet, at least temporarily.

“Unfortunately, Glupteba’s use of blockchain technology as a resiliency mechanism is notable here and is becoming a more common practice among cyber crime organizations. The decentralized nature of blockchain allows the botnet to recover more quickly from disruptions, making them that much harder to shut down. We are working closely with industry and government as we combat this type of behavior, so that even if Glupteba returns, the internet will be better protected against it,” Google said.

The company also announced it filed a lawsuit against two Russian nationals (Dmitry Starovikov and Alexander Filippov) and other unknown individuals it believes have created and controlled the botnet over the past few years. The company is suing them in hopes that it “will set a precedent, create legal liability for the botnet operators, and help deter future activity.”

