Google Disrupts Large Botnet, Files Lawsuit against Russian Threat Actors

On Tuesday, Google took significant steps to disrupt and degrade the Glupteba botnet, which now controls over 1 million Windows PCs worldwide. Glupteba is a blockchain-enabled modular malware that has targeted Windows devices globally since at least 2011. Threat actors can then use the infected devices for malign purposes, such as stealing credentials or personally identifiable information. Glupteba is typically distributed onto a victim’s device through pay-per-install (PPI) networks and traffic acquired from traffic distribution systems (TDS) disguised as “free, downloadable software, videos, or movies.” Devices infected by Glupteba can then be used to mine for cryptocurrency, steal user credentials and cookies, and install proxies on Windows systems and internet of things (IoT) devices.

Google took over Glupteba’s command and control (C2) infrastructure to degrade the malware’s ability to operate. The company also filed for a temporary restraining order and filed a lawsuit against 17 defendants, two of them Russian, who are accused of being the criminals behind Glupteba. If the legal action is successful, Google hopes it could create real legal liability for the threat actors. Ultimately, Google’s actions are geared toward making the internet safter for all users. Read more at BleepingComputer.