Google has just disrupted Glupteba, a botnet of around a million infected Windows devices that uses the Bitcoin blockchain to keep its operators in control. The operators are believed to be Russian.
Google announced on Tuesday that it had taken steps to shut down a network of around a million hijacked devices used worldwide to commit crimes online. In particular, Google worked with Internet hosting providers to take down the command-and-control servers that communicate with the botnet, named Glupteba.
A botnet is a network of infected devices taken over and controlled remotely by cybercriminals, who use it to carry out illicit operations such as denial-of-service attacks. The network, which was also used to mine cryptocurrency without the knowledge of the computers' owners, has been cut off, at least for now, from the people who were controlling it over the Internet.
However, the US company warns that the botnet could return, thanks to a backup command-and-control mechanism that relies on the Bitcoin blockchain: data written to the blockchain cannot be taken down, so the operators can use it to point surviving bots at new servers. In the meantime, Google faces other threats to its platforms: attackers have been quick to hijack Google Cloud accounts to mine cryptocurrency, and others have stolen more than 400,000 euros in cryptocurrency through fraudulent Google ads.
What is Glupteba, the botnet that has infected over a million Windows PCs?
Glupteba is modular malware, with the Bitcoin blockchain as a fallback for its command and control, that has been targeting Windows devices worldwide since at least 2011, particularly in the United States, India, Brazil and Southeast Asia. In total, more than a million devices are believed to have been infected, with thousands of new machines compromised every day.
To spread, the malware was disguised as free downloadable software, videos or films that users unwittingly installed on their devices. The operators then used infected machines to steal credentials and personal data, mine cryptocurrency, and proxy other people's Internet traffic through the victims' connections. With about a million devices under its control, the botnet had enough capacity to launch ransomware or other large-scale attacks, so Google considered it necessary to act as quickly as possible to stop its spread.
The Glupteba botnet has always been difficult to target, since it uses the blockchain to protect its command-and-control infrastructure. Over the past year, Google's Threat Analysis Group has worked to disrupt it by removing around 63 million Google Docs used to distribute the malware, more than 1,100 Google accounts, more than 900 Cloud projects, and 870 Google Ads accounts that contributed to its distribution.
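The blockchain "backup mechanism" referred to above is a dead-drop resolver: the bot carries a hard-coded wallet address, and whenever the operators need to move to new servers they send a transaction from that wallet whose OP_RETURN output carries the new command-and-control domain. Any public blockchain explorer then acts as a read-only channel that no hosting provider can take down. The following Python model is an added example written for this page, not Glupteba's code or anything from Google's report; the transaction layout is real legacy Bitcoin serialization, but the wallet, the `c2:` marker, the domains and the unencrypted payload are all constructed for illustration (real implementations typically encrypt the payload).

```python
import struct
from typing import List, Optional

OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C


def encode_varint(n: int) -> bytes:
    """Bitcoin CompactSize encoding (sizes above 0xFFFF are not needed here)."""
    return bytes([n]) if n < 0xFD else b"\xfd" + struct.pack("<H", n)


def decode_varint(buf: bytes, pos: int):
    """Return (value, next_pos) for the CompactSize at buf[pos]."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    if first == 0xFD:
        return struct.unpack_from("<H", buf, pos + 1)[0], pos + 3
    if first == 0xFE:
        return struct.unpack_from("<I", buf, pos + 1)[0], pos + 5
    return struct.unpack_from("<Q", buf, pos + 1)[0], pos + 9


def push_data(data: bytes) -> bytes:
    """Minimal script push for up to 255 bytes (standard relay policy caps OP_RETURN data at 80)."""
    n = len(data)
    assert n <= 0xFF, "OP_PUSHDATA2 not needed for OP_RETURN-sized payloads"
    return bytes([n]) + data if n <= 75 else bytes([OP_PUSHDATA1, n]) + data


def build_tx(output_scripts: List[bytes]) -> bytes:
    """Serialize a minimal legacy (non-SegWit) transaction: one unsigned input
    spending a dummy outpoint plus the given scriptPubKeys. Constructed test data
    standing in for the raw hex an explorer API would return."""
    tx = struct.pack("<i", 2)                       # version
    tx += encode_varint(1)                          # input count
    tx += b"\x11" * 32 + struct.pack("<I", 0)       # dummy previous outpoint
    tx += encode_varint(0)                          # empty scriptSig (unsigned)
    tx += struct.pack("<I", 0xFFFFFFFF)             # sequence
    tx += encode_varint(len(output_scripts))        # output count
    for script in output_scripts:
        tx += struct.pack("<q", 0)                  # 0 satoshi; OP_RETURN outputs are unspendable
        tx += encode_varint(len(script)) + script
    tx += struct.pack("<I", 0)                      # locktime
    return tx


def op_return_payloads(raw_tx: bytes) -> List[bytes]:
    """Walk a legacy transaction and return the data pushed after OP_RETURN in
    each output: the bytes a bot would read to learn its new C2."""
    pos = 4                                         # skip version
    n_in, pos = decode_varint(raw_tx, pos)
    for _ in range(n_in):
        pos += 32 + 4                               # previous outpoint
        slen, pos = decode_varint(raw_tx, pos)
        pos += slen + 4                             # scriptSig + sequence
    n_out, pos = decode_varint(raw_tx, pos)
    payloads = []
    for _ in range(n_out):
        pos += 8                                    # value
        slen, pos = decode_varint(raw_tx, pos)
        script, pos = raw_tx[pos:pos + slen], pos + slen
        if len(script) < 2 or script[0] != OP_RETURN:
            continue
        op = script[1]                              # the single push that follows OP_RETURN
        if op <= 75:
            payloads.append(script[2:2 + op])
        elif op == OP_PUSHDATA1 and len(script) >= 3:
            payloads.append(script[3:3 + script[2]])
    return payloads


def resolve_c2(wallet_txs: List[bytes], marker: bytes = b"c2:") -> Optional[str]:
    """Bot-side logic: scan the wallet's transactions newest-first and take the
    first OP_RETURN payload carrying the marker. The marker is a convention
    invented for this example, not a real malware format."""
    for raw in reversed(wallet_txs):
        for data in op_return_payloads(raw):
            if data.startswith(marker):
                return data[len(marker):].decode("ascii", "replace")
    return None


# Constructed history of one wallet: the operator publishes a domain, rotates
# it after a takedown, and an unrelated memo from someone else follows.
P2PKH_DUMMY = bytes.fromhex("76a914") + b"\x22" * 20 + bytes.fromhex("88ac")
TX1 = build_tx([P2PKH_DUMMY, bytes([OP_RETURN]) + push_data(b"c2:first.example")])
TX2 = build_tx([bytes([OP_RETURN]) + push_data(b"c2:second.example"), P2PKH_DUMMY])
TX_NOISE = build_tx([bytes([OP_RETURN]) + push_data(b"unrelated memo")])

if __name__ == "__main__":
    print(resolve_c2([TX1]))                 # first.example
    print(resolve_c2([TX1, TX2, TX_NOISE]))  # second.example: seizing first.example did not help
```

Two points for defenders follow from the model. First, seizing a domain or server only works until the next transaction is published, which is why Google warns the botnet could return. Second, the channel is public: anyone who knows the wallet address can run the same resolver, so the transactions that re-arm the bots also tell defenders where the new infrastructure is, and an unexpected process on an endpoint querying blockchain-explorer APIs is itself a useful detection signal.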
Google files lawsuits against Glupteba authors
Google said on Tuesday that it was taking legal action to disrupt a botnet run by Russia-based operators, among other measures intended to combat the group. In a lawsuit filed in the Federal Court for the Southern District of New York, Google names the Russian nationals Dmitry Starovikov and Alexander Filippov as the two main operators of the Glupteba botnet, citing the Gmail and Google Workspace accounts they allegedly created to help run the criminal enterprise.
The complaint also names 15 other, as yet unidentified, individuals. The company is pursuing them in the hope that it will "set a precedent, pose legal and liability risks to botnet operators and help deter future activity".
This would be the first time Google has taken on a botnet, a spokesperson for the Mountain View, Calif., company said in an email. "We are taking this step to better protect Internet users and to make cybercriminals understand that we will not tolerate this type of activity."
For its part, the Biden administration has also declared war on cybercriminals, and ransomware gangs in particular. The US president recently convened some 30 countries, including NATO and G7 members, to coordinate against online threats. It is hoped that new measures to fight cybercrime will soon better protect Internet users around the world.
Source: Google