According to a report by Forbes, security researchers have warned that the bitcoin blockchain is under attack by a new strain of the Glupteba malware, which is capable of using the bitcoin network to resist attacks against itself.

Glupteba Exploits Security Vulnerability To Shield Itself From Attacks

Trend Micro’s latest blog post, which details the recently discovered and previously undocumented version, describes it as capable of taking over systems in order to mine Monero cryptocurrency and steal sensitive browser data such as passwords and cookies.

Analysts also confirmed that this strain of the Glupteba malware exploits a known security vulnerability in MikroTik routers to turn the target machine into a SOCKS proxy, enabling widespread spam attempts that could threaten Instagram users.

According to the report, the infection has a systematic mode of operation.

A target machine is first hit with a “malvertising attack,” which forces it to download a Glupteba “dropper.”

The dropper will flood the target with various rootkits, backdoors, and other nasties taken from GitHub. It then does the usual stuff, such as checking for antivirus programs, adding malicious firewall rules, and including itself in defender whitelists.

Most notable, however, is that this malware utilizes Bitcoin to automatically update, ensuring it runs smoothly even if antivirus software blocks its connection to remote command and control (C&C) servers run by the attackers.

Malware Uses Electrum Bitcoin Wallet

The malware makes use of the Electrum bitcoin wallet to make, and in particular to send, bitcoin transactions in order for the attackers to gain access to systems.

“This technique makes it more convenient for the threat actor to replace command and control servers,” Trend Micro researchers wrote. A command and control server is the centralized computer that issues commands to an infected network of devices. “If they lose control of a command and control server for any reason, they simply need to add a new bitcoin script and the infected machines obtain a new command and control server by decrypting the script data and reconnecting.”
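A defender's view of the fallback described above, as an added example that is not from Trend Micro or the original article: it correlates a blocked outbound connection with a later connection to an Electrum server from a process that is not a known wallet. The log format, host and process names, the allowlist and the 10-minute window are constructed assumptions, as is the premise that the lookup shows up as traffic to the default Electrum server ports (50001/50002).

```python
from datetime import datetime, timedelta

# Constructed sample connection log: timestamp host process destination action
SAMPLE_LOG = """\
2019-09-10T10:00:05 ws-014 app.exe c2-old.example:443 BLOCK
2019-09-10T10:00:41 ws-014 app.exe electrum-a.example:50002 ALLOW
2019-09-10T10:03:12 ws-022 electrum.exe electrum-a.example:50002 ALLOW
2019-09-10T10:05:00 ws-031 updater.exe cdn.example:443 BLOCK
2019-09-10T11:30:00 ws-031 updater.exe electrum-b.example:50001 ALLOW
2019-09-10T12:00:00 ws-040 sync.exe electrum-b.example:50001 ALLOW
"""

ELECTRUM_PORTS = {50001, 50002}      # default Electrum server ports (TCP, SSL)
WALLET_PROCESSES = {"electrum.exe"}  # assumption: site allowlist of real wallets
WINDOW = timedelta(minutes=10)       # assumption: correlation window


def parse(line):
    """Split one constructed log line into typed fields."""
    ts, host, proc, dst, action = line.split()
    name, port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), host, proc.lower(), name, int(port), action


def find_fallback_lookups(log_text):
    """Alert on non-wallet Electrum traffic; 'high' if it closely follows a block."""
    last_block = {}  # (host, process) -> time of most recent blocked connection
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, name, port, action = parse(line)
        if action == "BLOCK":
            last_block[(host, proc)] = ts
            continue
        if port not in ELECTRUM_PORTS or proc in WALLET_PROCESSES:
            continue
        blocked_at = last_block.get((host, proc))
        after_block = blocked_at is not None and ts - blocked_at <= WINDOW
        alerts.append((host, proc, f"{name}:{port}", "high" if after_block else "medium"))
    return alerts


if __name__ == "__main__":
    for alert in find_fallback_lookups(SAMPLE_LOG):
        print(alert)
```

Electrum servers can listen on other ports, so treat the port match as a heuristic and rely on the process allowlist to keep legitimate wallet use out of the alerts.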


Source: Coin Gape
