Google Issues Temporary Halt on Crypto-Mining Botnet

Google has filed a lawsuit against two individuals living in Russia over a botnet they used to infect several computer networks for the purpose of mining cryptocurrency.

Google Goes After Glupteba

The botnet not only stole crypto assets but the personal information of unsuspecting victims. Google has worked with several internet infrastructure companies to remove servers that the hackers were using to control the networks they infected. The botnet has been deemed null and void at the time of writing and cannot accept commands from the hackers thanks to action taken by the search engine giant, though this may change soon.

In a statement, Google issued the following:

We don’t just plug security holes. We work to eliminate entire classes of threats for consumers and businesses whose work depends on the internet.

The botnet went by the name Glupteba and has allegedly been active for many years. Long the subject of law enforcement investigations and cybersecurity experts, the botnet worked to trick users into downloading malware onto their computers. The malware was disguised as free-to-download software on various sites. Once downloaded, the malware hid itself among the computer’s many files and spread to various connected devices. All this information was confirmed in a 2020 cybersecurity report from Sophos Labs.

Shane Huntley – the director of Google’s Threat Analysis Group – said that the company’s actions will be crucial in making sure Glupteba and similar forms of malware never have a space in Google’s infrastructure again. He stated:

This action will have a significant impact on Glupteba’s operations. However, the operators of Glupteba are likely to attempt to regain control of the botnet using a backup command and control mechanism that uses data encoded on the bitcoin blockchain.

According to a separate report published by Google, Glupteba had infected as many as one million Microsoft Windows devices across the globe. The company has filed a complaint in a New York-based court against both Dmitri Starovikov and Alexander Filippov, the two alleged leaders of the Glupteba network. The company says that both men set up Gmail accounts using the same IP address that sent commands to the botnet.

Could This Start Up Again?

In addition, the email accounts associated with the men were allegedly discovered on websites claiming to be selling the private information stolen from unsuspecting victims. As many as 63 million infected Google Docs, 1,000 Google email accounts, and over 900 Google Cloud projects have been taken down that the company believed were being used to spread the botnet.

Despite the good news, Google is claiming that Glupteba could potentially come back given that the hackers have allegedly incorporated a “fail-safe mechanism” that utilizes the BTC blockchain to issue various commands. While communication between the men and the botnet is cut off for the time being, the company says the network will automatically seek out new ways of reconnecting.

Source: Read Full Article