Google has disrupted the Glupteba botnet that already controls more than 1 million Windows systems worldwide. Glupteba is blockchain-enabled, modular malware, active since 2011.

What happened?

  • Google took over the hackers' key command and control (C2) infrastructure, which uses a Bitcoin blockchain backup mechanism for more resilience even though main C2 servers stopped responding.
  • However, researchers believe that Glupteba operators may try again to regain control of the botnet using a backup C2 mechanism.
  • Among the online services, the operators were selling access to VM loaded with stolen credentials, proxy access, and credit card numbers for serving malicious ads and fraud on Google Ads.

Additionally, the tech giant has taken some legal actions to disrupt Glupteba operations.

What more?

  • Google has filed a temporary restraining order, along with a complaint against two Russian individuals (Dmitry Starovikov and Alexander Filippov) and 15 other unknown individuals.
  • The complaint claims that the 17 individuals were operating and coordinating attacks with the aim of stealing user accounts and credit card info and selling ad placement and proxy access.
  • Additionally, they were offering cryptomining, fraud, trademark infringement, and other schemes.


The abuse of blockchain technology for orchestrating large-scale cyberattacks is becoming a more common practice among cybercriminals. Blockchain’s decentralized nature allows the botnet to recover more quickly from disruptions. Therefore, private organizations and governments should work together to fight against such threats.

Cyware Publisher