Google disrupts massive Glupteba botnet, sues Russian operators
Google announced today that it has taken action to disrupt the Glupteba botnet that now controls more than 1 million Windows PCs around the world, growing by thousands of new infected devices each day.
Glupteba is a blockchain-enabled and modular malware that has been targeting Windows devices worldwide since at least 2011, including the US, India, Brazil, and countries from Southeast Asia.
Threat actors behind this malware strain are mainly distributing payloads onto targets’ devices via pay-per-install (PPI) networks and traffic purchased from traffic distribution systems (TDS) camouflaged as “free, downloadable software, videos, or movies.”
After infecting a host, it can mine for cryptocurrency, steal user credentials and cookies, and deploy proxies on Windows systems and IoT devices, which later get sold as ‘residential proxies’ to other cybercriminals.
As part of Google’s concerted effort to disrupt the botnet, the company took over Glupteba’s key command and control (C2) infrastructure, which uses a Bitcoin blockchain backup mechanism to add resilience if the main C2 servers stop responding.
“We believe this action will have a significant impact on Glupteba’s operations,” said Google Threat Analysis Group’s Shane Huntley and Luca Nagy today.
“However, the operators of Glupteba are likely to attempt to regain control of the botnet using a backup command and control mechanism that uses data encoded on the Bitcoin blockchain.”
Glupteba disruption over the last year (figures from Google's summary graphic): 63M Google Docs, 1,183 Google Accounts, 908 Cloud Projects, and 870 Google Ads accounts taken down; 3.5M users warned via Safe Browsing.
TAG also partnered with Cloudflare and others to take down servers.
Google also filed for a temporary restraining order and a complaint in the Southern District of New York against two Russian defendants (Dmitry Starovikov and Alexander Filippov) and 15 other unknown individuals.
The complaint claims the 17 defendants were the ones operating and coordinating Glupteba attacks, with the end goal of stealing user accounts and credit card information, selling ad placement and proxy access on infected devices, and mining cryptocurrency, and accuses them of computer fraud and abuse, trademark infringement, and other schemes.
Among the online services offered by Glupteba botnet’s operators, Google mentioned “selling access to virtual machines loaded with stolen credentials (dont[.]farm), proxy access (awmproxy), and selling credit card numbers (extracard) to be used for other malicious activities such as serving malicious ads and payment fraud on Google Ads.”
“Unfortunately, Glupteba’s use of blockchain technology as a resiliency mechanism is notable here and is becoming a more common practice among cyber crime organizations,” Google’s Vice President for Security Royal Hansen and General Counsel Halimah DeLaine Prado added.
“The decentralized nature of blockchain allows the botnet to recover more quickly from disruptions, making them that much harder to shut down. We are working closely with industry and government as we combat this type of behavior, so that even if Glupteba returns, the internet will be better protected against it.”
On Monday, Microsoft also seized dozens of malicious sites used by the Nickel China-based hacking group (aka KE3CHANG, APT15, Vixen Panda, Royal APT, and Playful Dragon) to target servers belonging to government orgs, diplomatic entities, and non-governmental organizations (NGOs) in the US and 28 other countries worldwide.