Glupteba malware reemerges in widespread campaign
After being disrupted by Google last December, the Glupteba malware botnet has reemerged in a new ongoing widespread global campaign that began in June, BleepingComputer reports.
Nozomi Networks researchers examined 1,500 Glupteba samples in VirusTotal for cryptocurrency wallet address extraction and discovered 15 Bitcoin addresses associated with four different campaigns, the most recent of which commenced in June. More Bitcoin addresses have been leveraged in the ongoing campaign, compared with previous attacks, indicating the blockchain-enabled, modular malware's enhanced resilience.
The report also revealed a tenfold increase in Tor hidden services leveraged as command-and-control servers, compared with last year's campaign. The most prolific cryptocurrency wallet address used in the ongoing Glupteba campaign communicated with nearly 1,200 samples across 11 transactions.
Moreover, passive DNS data showed numerous Glupteba domain registrations as recently as Nov. 22. The findings suggest that the Glupteba botnet is stronger than ever and even more resistant to takedowns.