Glupteba Botnet Continues to Thrive Despite Google's Attempts to Disrupt It
Dec 19, 2022
Blockchain / Botnet
The operators of the Glupteba botnet resurfaced in June 2022 as part of a renewed and "upscaled" campaign, months after Google disrupted the malicious activity. The ongoing attack points to the malware's resilience in the face of takedowns, cybersecurity company Nozomi Networks said in a write-up. "In addition, there was a tenfold increase in TOR hidden services being used as C2 servers since the 2021 campaign," it noted.

The malware, which is distributed through fraudulent ads or software cracks, is also equipped to retrieve additional payloads that enable it to steal credentials, mine cryptocurrencies, and expand its reach by exploiting vulnerabilities in IoT devices from MikroTik and Netgear.

It is also an unusual example of malware that has used the blockchain as a command-and-control (C2) mechanism since at least 2019, rendering its infrastructure resistant to the kind of takedown efforts that work against a traditional server. Specifically...