PC Magazine - USA (2022-01)


But perhaps Glupteba’s most striking feature is how it relies on the Bitcoin
blockchain as a backup mechanism to protect communication lines between the
hackers’ servers and the rest of the botnet.


“Unlike conventional botnets, the Glupteba botnet does not rely solely on
predetermined (web) domains to ensure its survival,” Google wrote in the
lawsuit. “Instead, when the botnet’s C2 (command and control) server is
interrupted, Glupteba malware is hard-coded to ‘search’ the public Bitcoin
blockchain for transactions involving three specific Bitcoin addresses that are
controlled by the Glupteba Enterprise.”


As a result, the hackers behind Glupteba can restore control to their botnet by
writing encrypted instructions for a backup server on the Bitcoin blockchain.
This makes the botnet “particularly difficult to disrupt,” Google said.


“Thus, the Glupteba botnet cannot be eradicated entirely without neutralizing
its blockchain-based infrastructure,” the company added.


Nevertheless, Google is hoping it can discourage the suspected hackers from
running the botnet. The company’s lawsuit names Dmitry Starovikov and
Alexander Filippov as the two Russians behind Glupteba, citing Gmail and
Google Workspace accounts they allegedly created to help them operate the
criminal enterprise.


The company’s lawsuit is now demanding the US court force Starovikov and
Filippov to pay damages and bar them from using Google services ever again.


Since both Starovikov and Filippov are based in Russia—a country that refuses
to extradite suspected hackers to the US—they’ll likely never face trial. Still,
Google hopes the lawsuit “will set a precedent, create legal and liability risks for
the botnet operators, and help deter future activity.”


To further disrupt the botnet, the company says it “terminated around 63M
Google Docs observed to have distributed Glupteba, 1,183 Google Accounts, 908
Cloud Projects, and 870 Google Ads accounts associated with their
distribution.”

