

Google Disrupts Glupteba Botnet - Threatwire

By Shannon Morse, ThreatWire

Botnets are still alive and well at the end of 2021, but Google has stepped in to disrupt one botnet that has infected 1 million devices. This botnet is dubbed Glupteba, and it infects Windows machines. Operators were using Google services to distribute the botnet, so, with the help of the CyberCrime Investigation Group, Google’s Threat Analysis Group terminated 63 million Google Docs, 1183 Google accounts, 908 cloud projects and 870 Google Ads that were being used. But Glupteba is still being spread, using the Bitcoin blockchain as its command and control server for resilience.

Google TAG also worked with hosting and infrastructure providers to remove servers hosting the botnet and put a warning page in front of malicious domains.

Google has taken it a step further by filing a lawsuit against those it alleges are behind the operation of this botnet. Google filed the lawsuit in the Southern District of New York against two Russian defendants, stating they’ve infiltrated over a million computers and devices to create this botnet for illicit purposes such as stealing Google users’ login credentials.

But that’s not all! Glupteba was being used to steal account information, vend credit cards to create fraudulent purchases via Google Ads, serve up pop-up ads on compromised machines, and mine cryptocurrency. This botnet was first documented a decade ago and it just keeps going. This disruption will help, but it likely won’t be the end of its spread.

Glupteba Botnet

https://blog.google/technology/safety-security/new-action-combat-cyber-crime/
https://blog.google/threat-analysis-group/disrupting-glupteba-operation/
https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/1_Complaint.pdf
https://www.cnet.com/tech/google-breaks-up-botnet-infecting-1-million-devices/

