The malicious operation leveraged the Bitcoin blockchain as a backup mechanism to protect the lines of communication between the hackers’ servers and the rest of the botnet.
***
Google has taken action to disrupt a botnet that leveraged the Bitcoin blockchain to spread malware among thousands of Windows devices. The technology giant announced this on Tuesday in a report.
The botnet, or massive network of bots, called Glupteba was running automatically to remotely infect the computers of thousands of users with malicious software and was based on a novel mechanism underpinned by the blockchain. It should be noted that the term ‘botnet’ refers to a group of computer robots (bots) that essentially form an army of infected computers.
In its report, Google stated the operation allowed hackers to commit crimes ranging from stealing personal information to secretly mining cryptocurrencies. The company has now filed a lawsuit against two Russian-based individuals, whom it accuses of being responsible for the hacking.
After extensive research, we determined that the Glupteba botnet currently involves approximately one million compromised Windows devices worldwide, sometimes growing at a rate of thousands of new devices per day.
“However, it is likely that Glupteba’s operators will attempt to regain control of the botnet using a backup command-and-control mechanism that uses data encoded in the Bitcoin blockchain,” Google’s cybersecurity experts added by way of warning.
Glupteba affected one million computers
According to the report, the hackers spread the malware through third-party “free download” websites offering pirated videos and games. Unsuspecting users clicked on the download link and unknowingly received a Trojan virus that infected their computers.
In one case, the attackers even used a fake YouTube video download site to trick victims into installing their malicious code. Once on the computer, the malware hides and attempts to spread to any connected device. Hackers can use the malware to install additional malicious payloads, which can steal login credentials and mine cryptocurrencies on the infected machine.
According to Google, the attacks have primarily targeted users based in the United States, India, Brazil and Southeast Asia. The cybersecurity experts further warned that “the power of the Glupteba botnet could be harnessed for use in a powerful ransomware or distributed denial-of-service (DDoS) attack.”
The Glupteba botnet is not exactly new. This malicious operation has been tracked by law enforcement and cybersecurity experts for years, as highlighted by the Washington Post.
Google discovered that Glupteba has infected around one million Microsoft Windows devices worldwide, which would place it among the largest botnets analyzed by security experts. In addition, it also found that the hackers used Google’s own services to distribute the malware. Google took down approximately 63 million Google Docs, more than 1,000 Google Accounts and more than 900 Google Cloud projects that were being used to spread Glupteba, the company said.
Sophisticated, yet malicious, use of Bitcoin
Perhaps one of the most interesting aspects of the malicious operation is its sophisticated use of the Bitcoin network, which was used as a backup mechanism to protect the lines of communication between the hackers’ servers and the rest of the botnet.
“Unlike conventional botnets, the Glupteba botnet does not rely solely on default (web) domains to ensure its survival,” Google wrote in the lawsuit, as quoted by the media outlet PC Magazine. The company added:
Instead, when the botnet’s C2 (command and control) server is disrupted, the Glupteba malware is coded to ‘search’ the public Bitcoin blockchain for transactions involving three specific Bitcoin addresses that are controlled by Glupteba Enterprise.
As a result, the hackers behind Glupteba can restore control of their botnet by writing encrypted instructions to a backup server in the Bitcoin blockchain. This makes the botnet “particularly difficult to interrupt,” according to Google.
“Therefore, the Glupteba botnet cannot be completely eradicated without neutralizing its Blockchain-based infrastructure,” the company added.
Google takes action
The tech giant indicated that it had worked with Internet infrastructure companies to take down servers used by hackers to control the botnet. This renders the network of infected devices unable to receive new commands from their controllers, at least temporarily.
As part of the measures to dismantle the botnet, Google filed a lawsuit in the Southern District of New York against Russian nationals Dmitry Starovikov and Alexander Filippov, whom it accuses of operating the malicious network.
The two are being sued for computer fraud and abuse, trademark infringement, violations under the Racketeer Influenced and Corrupt Organizations Act (RICO), tortious interference with business relationships, unjust enrichment, and other allegations, as reported by Threatpost.
“Our litigation was brought against the operators of the botnet, which we believe are based in Russia,” Google’s security experts wrote, as quoted by Google. “We also filed a temporary restraining order to reinforce our technical disruption effort. If successful, this action will create real legal liability for operators.”
Google said it expects the lawsuit “will set a precedent, create legal and liability risks for botnet operators and help deter future activity.”
Article by Hannah Estefania Perez / DiarioBitcoin
Image from Unsplash