Security Affairs
Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Google disrupts the Glupteba botnet

Google announced to have disrupted the Glupteba botnet, a huge infrastructure composed of more than 1 million Windows PCs worldwide. Google announced to have taken down the infrastructure operated by the Glupteba, it also sued Russian nationals Dmitry Starovikov and Alexander Filippov for creating and operating the botnet. The blockchain-enabled botnet has been active since […]

Glupteba botnet

Google announced to have disrupted the Glupteba botnet, a huge infrastructure composed of more than 1 million Windows PCs worldwide.

Google announced to have taken down the infrastructure operated by the Glupteba, it also sued Russian nationals Dmitry Starovikov and Alexander Filippov for creating and operating the botnet.

The blockchain-enabled botnet has been active since at least 2011, researchers estimate that the Glupteba botnet is currently composed of more than 1 million Windows PCs around the world.

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers.

Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes.

Glupteba botnet

“In the summer of 2020, Google determined that Glupteba malware was being disseminated on numerous third-party software download sites, online movie streaming sites, and video downloader sites, often advertised as “free downloads.” states the complaint filed in the Southern District of New York for computer fraud and abuse, trademark infringement, and other claims. “Glupteba malware masquerades as free, downloadable software, videos, or movies (“freeware”) and infects a device when a user clicks on a link to the freeware. For example, users who click on a link looking to download a free game instead unknowingly download and install Glupteba malware.”

Google announced to have removed around 63 million Google Docs files used as part of the Glupteba operation to distribute the bot to the victims. The IT giant also removed 1,183 Google accounts, 908 cloud projects, and 870 Google Ads accounts used by the operators.

Google partnered with Internet infrastructure providers and hosting providers, such as CloudFlare, to take down servers used by the gang.

Google researchers believe that the operators of Glupteba botnet will likely attempt to regain control of the malicious infrastructure by using the C2 backup mechanism that leverages the Bitcoin blockchain.

“As announced today, Google has taken action to disrupt the operations of Glupteba, a multi-component botnet targeting Windows computers. We believe this action will have a significant impact on Glupteba’s operations. However, the operators of Glupteba are likely to attempt to regain control of the botnet using a backup command and control mechanism that uses data encoded on the Bitcoin blockchain.” reads the post published by Google.

In court documents [PDF], Google names Dmitry Starovikov and Alexander Filippov as two of Glupteba’s creators.

Google revealed that Starovikov and Filippov also operated several online websites to advertise the botnet. For example, the site dont.farm was used to sell access to compromised Google and Facebook advertising account.

Google researchers also shared Indicators of Compromise (IoCs) for the Glupteba botnet.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Glupteba botnet)

[adrotate banner=”5″]

[adrotate banner=”13″]