Share this article
BTC
$79,011.16
+
0.06%ETH
$1,563.22
-
1.55%USDT
$0.9996
+
0.00%XRP
$1.9145
-
2.02%BNB
$556.53
+
0.46%USDC
$1.0000
-
0.01%SOL
$107.17
+
0.13%DOGE
$0.1489
-
1.21%TRX
$0.2282
-
1.10%ADA
$0.5846
+
0.78%LEO
$8.9273
+
0.57%TON
$3.0742
+
3.76%LINK
$11.50
+
1.23%XLM
$0.2330
-
1.29%AVAX
$16.73
+
3.34%SHIB
$0.0₄1141
+
0.28%SUI
$2.0435
+
6.16%HBAR
$0.1500
+
5.72%OM
$6.2745
+
6.99%BCH
$276.98
+
1.35%Sign Up
- Back to menuNews
- Back to menuPrices
- Back to menuResearch
- Back to menuConsensus
- Back to menuSponsored
- Back to menu
- Back to menu
- Back to menuResearch
- Back to menuWebinars & Events
- Back to menu
Google Sues to Shutter Cryptojacking Botnet That Infected 1M+ Computers
The botnet used the Bitcoin blockchain to evade cybersecurity officials and remain online, Google alleged.
Google on Tuesday moved to shut down a sophisticated cryptojacking botnet that used the Bitcoin blockchain to evade cybersecurity officials.
Known as “Glupteba,” the botnet has infected more than 1 million machines worldwide, Google said in a civil complaint filed Tuesday against Dmitry Staroviko and Alexander Filippov, as well as 15 unknown individuals. Google alleged the defendants utilized this botnet to mine cryptocurrencies on victims’ computers, steal victims’ account information to sell to third parties, purchase goods and services using credit cards with insufficient funds and sell access to compromised machines to third parties.
Story continues
Moreover, the botnet itself leveraged blockchain technology in a unique manner as an effort to secure it against traditional tools meant to disrupt these types of malicious activities. It effectively turned Bitcoin’s decentralization into an asset that made it “much harder to shut down,” Google executives wrote in a blog post.
The botnet weaponized the Bitcoin blockchain, according to Chainalysis, which said it helped Google’s investigation. By embedding command-and-control server addresses in the blockchain and then having the botnet turn to that data whenever an infected server was shuttered, it stays a step ahead of the cybersecurity whack-a-mole.
“This is the first known case of a botnet using this approach,” representatives for Chainalusis said in an email.
Google’s complaint went into more detail, saying that the “Glupteba Enterprise,” the entity controlled by the defendants, would use this method to direct the malware to new servers.
The botnet looked at three specific bitcoin addresses, according to a Google blog post.
Google said that while it has already taken some action to disrupt the botnet, the fact that it uses the Bitcoin blockchain means the operators can resurrect the network at any time.
“The Glupteba botnet cannot be eradicated entirely without neutralizing its blockchain-based infrastructure,” the complaint said.
Google filed fraud and racketeering allegations against the defendants in its suit.
Nikhilesh De
Nikhilesh De is CoinDesk's managing editor for global policy and regulation, covering regulators, lawmakers and institutions. When he's not reporting on digital assets and policy, he can be found admiring Amtrak or building LEGO trains. He owns < $50 in BTC and < $20 in ETH. He was named the Association of Cryptocurrency Journalists and Researchers' Journalist of the Year in 2020.
Danny Nelson
Danny is CoinDesk's managing editor for Data & Tokens. He formerly ran investigations for the Tufts Daily. At CoinDesk, his beats include (but are not limited to): federal policy, regulation, securities law, exchanges, the Solana ecosystem, smart money doing dumb things, dumb money doing smart things and tungsten cubes. He owns BTC, ETH and SOL tokens, as well as the LinksDAO NFT.
