Google disrupts Glupteba blockchain botnet that infected 1mn PCs

Google has also filed a lawsuit against the alleged Russian threat actors and operators of Glupteba Botnet.

On December 07th, 2021, Google revealed that it disrupted the Command and Control infrastructure of the Glupteba blockchain botnet targeting Windows devices. The company has now filed a lawsuit against the botnet’s Russian operators.

What is Glupteba?

Glupteba is a powerful botnet that has been around since 2014 and comprises one million infected Windows devices across the globe, spread with the help of malicious pirated software. After it infects a computer, the Glupteba malware steals user credentials and other data, uses the host to mine cryptocurrencies, and turns compromised devices into proxies.

Cracked software spreading Glupteba malware (left) – Cryptocurrency scam ad that threat actors were spreading using Google Ads (right)

Glupteba is generally distributed through pay-per-install networks and traffic distribution systems. The botnet is believed to be growing at a rate of 1,000 devices per day.

According to a blog post from Google’s VP of security Royal Hansen and general counsel Halimah DeLaine Prado,

“Glupteba is notorious for stealing users’ credentials and data, mining cryptocurrencies on infected hosts, and setting up proxies to funnel other people’s internet traffic through infected machines and routers.” 

Google’s Complaint

Google’s Threat Analysis Group had been tracking the botnet for several months before deciding to take legal and technical action against its operators.

“After a thorough investigation, we determined that the Glupteba botnet currently involves approximately one million compromised Windows devices worldwide, and, at times, grows at a rate of thousands of new devices per day,” the duo wrote.

First of Its Kind Litigation!

The litigation, dubbed first-of-its-kind by Google, aims to create “legal liability” for those who operate such botnets and deter botnet operators’ activities in the future. Google has named two Russian citizens and fifteen other individuals for operating the notorious botnet Glupteba, which they used to hack private data. 

This is Google’s first-ever lawsuit against any botnet operator(s). The lawsuit was filed in New York and unsealed on Tuesday. It describes the botnet creators, Dmitry Starovikov and Alexander Filippov, and their accomplices as modern-day examples of “organized crime” groups. The botnet stands out among others because of its sophisticated technology.

Google has also filed charges of computer fraud, trademark infringement, and abuse, among others, and the lawsuit is brought under the Racketeer Influenced and Corrupt Organizations (RICO) Act.
