Google has taken legal and technical action to disrupt the Glupteba malware and botnet operation, the tech giant announced Tuesday.
Although Glupteba trojan malware has been known in some form since 2011, it has grown into a large, sophisticated botnet in the years since. Typically installed via pirated software downloads, the botnet is generally used for stealing information and mining cryptocurrency. According to Google’s investigation, roughly a million devices are currently compromised by the botnet.
The company filed a civil complaint against Dmitry Starovikov and Alexander Filippov, two Russian nationals and the alleged operators of Glupteba, for “the theft and unauthorized use of Google users’ login and account information.” Google filed the complaint under the Racketeer Influenced and Corrupt Organizations (RICO) Act, and said it seeks “injunctive relief and compensatory and punitive damages in an amount to be proven at trial.”
“Google has been and continues to be directly injured by Defendants’ conduct,” the complaint read.
In addition to legal action, Google announced Tuesday that it had, at least temporarily, disrupted Glupteba’s operations. As detailed in a technical post, Google’s Threat Analysis Group worked with both internal and external partners over the past year to take down command and control servers as well as eliminate Google accounts and cloud resources used by the threat actors.
“We have terminated around 63M Google Docs observed to have distributed Glupteba, 1,183 Google Accounts, 908 Cloud Projects, and 870 Google Ads accounts associated with their distribution,” the technical post read. “Furthermore, 3.5M users were warned before downloading a malicious file through Google Safe Browsing warnings.”
Taking down Glupteba is more complicated than a typical botnet because of its command and control backup mechanism, which uses the Bitcoin blockchain.
Erin Plante, senior director of investigative services at blockchain security vendor Chainalysis, told SearchSecurity that because of this backup mechanism, “every time one of Glupteba’s C2 [command and control] servers is shut down, it can simply scan the blockchain to find the new C2 server domain address, hidden among the hundreds of thousands of daily Bitcoin transactions worldwide.” Plante added that Google “used Chainalysis products and investigative services to investigate the botnet.”
According to Google’s technical post, “the operators of Glupteba are likely to attempt to regain control of the botnet” because of the backup mechanism.
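The blockchain-based fallback described above is what defenders monitor when they want early warning of a new C2 domain being published. The following Python is an added example for this article, not code from Google, Chainalysis or the Glupteba operators: it parses the data carried in Bitcoin OP_RETURN outputs and flags any payload that looks like a hostname. It assumes OP_RETURN is the carrier (the article does not say how the domain is embedded) and that the payload is plain text; the transactions, scripts and the hostname `update.c2-sample.invalid` are constructed for the example and are not real chain data.

```python
"""Hunt for hostnames embedded in Bitcoin OP_RETURN outputs (added example).

Assumption: the embedded data rides in an OP_RETURN output and is not
encrypted.  Sample transactions and the hostname below are constructed.
"""
import re
from typing import Optional

OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C
OP_PUSHDATA2 = 0x4D

# Loose hostname pattern: labels of letters/digits/hyphens joined by dots.
DOMAIN_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.IGNORECASE)


def build_op_return(payload: bytes) -> str:
    """Return the hex scriptPubKey of an OP_RETURN output carrying payload.

    Used here only to construct the sample transactions below.
    """
    n = len(payload)
    if n <= 75:                      # direct push: the opcode is the length
        push = bytes([n])
    elif n <= 0xFF:                  # OP_PUSHDATA1: one-byte length follows
        push = bytes([OP_PUSHDATA1, n])
    else:                            # OP_PUSHDATA2: two-byte little-endian length
        push = bytes([OP_PUSHDATA2]) + n.to_bytes(2, "little")
    return (bytes([OP_RETURN]) + push + payload).hex()


def extract_op_return(script_hex: str) -> Optional[bytes]:
    """Decode the bytes pushed after OP_RETURN; None for any other script."""
    script = bytes.fromhex(script_hex)
    if not script or script[0] != OP_RETURN:
        return None
    if len(script) < 2:
        return b""                   # bare OP_RETURN with no data
    op = script[1]
    if op <= 75:
        start, n = 2, op
    elif op == OP_PUSHDATA1 and len(script) >= 3:
        start, n = 3, script[2]
    elif op == OP_PUSHDATA2 and len(script) >= 4:
        start, n = 4, int.from_bytes(script[2:4], "little")
    else:
        return None                  # malformed or unsupported push
    data = script[start:start + n]
    return data if len(data) == n else None   # reject truncated pushes


def find_domain_candidates(transactions: dict) -> list:
    """Return (txid, hostname) pairs for OP_RETURN payloads that look like hostnames."""
    hits = []
    for txid, outputs in transactions.items():
        for script_hex in outputs:
            data = extract_op_return(script_hex)
            if not data:
                continue
            # Non-ASCII bytes are dropped; an encrypted payload simply yields no match
            text = data.decode("ascii", errors="ignore")
            for match in DOMAIN_RE.findall(text):
                hits.append((txid, match.lower()))
    return hits


# Constructed sample transactions: txid -> list of output scripts (hex). Not real chain data.
P2PKH_OUTPUT = "76a914" + "ab" * 20 + "88ac"   # ordinary pay-to-pubkey-hash output
SAMPLE_TRANSACTIONS = {
    "tx-ordinary": [P2PKH_OUTPUT],
    "tx-domain": [P2PKH_OUTPUT, build_op_return(b"update.c2-sample.invalid")],
    "tx-text": [build_op_return(b"hello from an exchange")],
    "tx-binary": [build_op_return(bytes(range(0, 200)))],   # long opaque payload (PUSHDATA1 path)
}

if __name__ == "__main__":
    for txid, host in find_domain_candidates(SAMPLE_TRANSACTIONS):
        print(f"{txid}: embedded hostname candidate {host}")
```

Running the block reports only `tx-domain`; the binary payload is parsed correctly but produces no hostname, which is the behaviour a monitoring job would also see if the embedded data were encrypted, so in practice a long or high-entropy OP_RETURN payload is itself worth logging as a weaker signal.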
Alexander Culafi is a writer, journalist and podcaster based in Boston.