Google announced today that it has taken steps to shut down the Glupteba botnet, which currently controls more than 1 million Windows PCs worldwide and adds thousands of newly infected devices every day.
Glupteba is a blockchain-enabled, modular malware strain that has targeted Windows devices worldwide since at least 2011, including in the USA, India, Brazil and Southeast Asian countries.
The threat actors behind this malware strain mainly distribute payloads to targeted devices through pay-per-install (PPI) networks and traffic purchased from traffic distribution systems (TDS), disguised as "free software, videos or downloadable movies".
After infecting a host, it can mine cryptocurrency, steal user credentials and cookies, and deploy proxies on Windows systems and IoT devices, which are later sold as "residential proxies" to other cybercriminals.
As part of a coordinated effort to disrupt the botnet, Google has taken over Glupteba's command and control (C2) infrastructure, which uses a Bitcoin blockchain fallback mechanism to add resilience if the primary C2 servers stop responding.
Legal action to stop the botnet
Google has filed a complaint and a request for a temporary restraining order in the Southern District of New York against two Russian defendants (Dmitry Starovikov and Alexander Filippov) and 15 other unidentified individuals.
The complaint alleges that the 17 defendants carried out and coordinated Glupteba attacks with the ultimate goal of stealing user accounts and credit card information, selling ad placements and proxy access to infected devices, and mining cryptocurrency, which amounts to fraud and computer abuse, trademark infringement and other offenses.
Among the online services offered by the Glupteba botnet operators, Google said, are "selling access to virtual machines loaded with stolen credentials (dont[.]farm), proxy access (awmproxy) and selling credit card numbers (extracard) to be used for other malicious activities such as malicious advertising and Google Ads payment fraud."
On Monday, Microsoft also seized dozens of malicious websites used by the Nickel hacking group (also known as KE3CHANG, APT15, Vixen Panda, Royal APT and Playful Dragon) to target servers belonging to government agencies, diplomatic entities and non-governmental organizations (NGOs) in the US and 28 other countries worldwide.
Source of information: bleepingcomputer.com