Two Russian nationals were arrested recently after being linked to the operations of the Glupteba botnet for the past years. Furthermore, Google has also announced that they disrupted the malware’s operations to cripple it temporarily.
Google removed over 63 million Google Docs files after discovering that the Glupteba gang used these files for the malware’s distribution to the victims. Aside from Google Docs, over 1,100 Google accounts, 900 cloud projects, and 870 Google Ads accounts were also removed after creating and hosting the parts of the botnet.
Aside from Google’s efforts to remove the botnet, they teamed up with other internet infrastructure firms and web hosting providers to help take down Glupteba’s servers to control the botnet within the infected machines. Nevertheless, Google said that since the Glupteba botnet is engineered with a backup command-and-control (C&C) system that operates over the Bitcoin blockchain, their efforts in disrupting it may only be a temporary solution to cripple the threat group.
With the backup C&C system, the Glupteba group can maintain their control over all the infected servers in computers even though they have lost access to their primary command servers.
Google is positive that their efforts will still be effective since it can still affect the Glupteba botnet as they conduct their future operations and lose momentum in the coming months.
Security experts said that the Glupteba threat group has remained undetected for years by several cybersecurity firms, initially documented in 2011. It may also be one of the oldest malware that has been ever recorded.
The botnet targets Windows systems and depends only on pirated or cracked software and the pay-per-install (PPI) schemes to spread infection on its victims. After gripping the target device, the botnet will begin downloading various modules to operate on tasks.
Many analysts said that aside from being notorious for stealing data and cookies, the botnet can also mine cryptocurrency on the infected targets and deploy proxy components to target IoT (Internet of Things) machines and any Windows systems.
On top of crippling the Glupteba botnet, Google also announced that they had identified two Russian nationals that could be connected to the botnet’s operation since they owned some of the accounts and domains that had been taken down. These two individuals are named Alexander Filippov and Dmitry Starovikov, who are also suspected to be the botnet’s creators.