Glupteba Malware Craftily Utilizes the Bitcoin Blockchain

Bitcoin tends to generate media headlines for a wide variety of reasons. Not all of those mentions make sense, although that doesn’t mean they should be ignored either. A new security report indicates one particular type of malware could utilize Bitcoin’s blockchain to prevent being shut down. It is a very worrisome turn of events which could have major repercussions.

What is Glupteba?

For those unfamiliar with the numerous malware strains on the market today, Glupteba might not ring too many bells. It is an old type of malware which used to focus on mining Monero. These days, an updated version is making the rounds. The new version is capable of achieving many things, including the theft of data from a browser, browsing history, cookies, and so forth. 

The more worrisome aspect is how the malware also utilizes the Bitcoin blockchain. More specifically, the malware’s dropper can obtain information regarding the command and control server from Bitcoin transactions. That is one way of hiding the necessary information in plain sight for everyone to see. It is another example of how criminals flock to Bitcoin, for a wide variety of reasons. 

How Does it Work?

The analysis outlined by Trend Micro paints a very disturbing picture where Glupteba is concerned. One of the dropper’s commands is called “discover-blockchaincome”. This allows the code to use a hardcoded Bitcoin address and discover the new C2 domain encrypted in this address’s Bitcoin transaction data. While anyone who knew where to look could sniff out this information, it is the first time any type of malware takes such drastic measures.

This will also allow the malware’s creators to continually update the C&C servers of the malware as they see fit. An extra feature called discoverDomain keeps checking whether the Glupteba server has moved away from its previously known location. The information is retrieved through an Electrum Bitcoin wallet server. A very sophisticated way of handling this information, to say the very least.
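Because the C2 address is published on a public ledger, the same lookup works for defenders: a threat-intelligence team that has the hardcoded address from a sample can watch its transaction history and feed every newly embedded domain straight into blocklists, before infected hosts have switched over. The following is an added illustration of that defensive lookup, written for this page and not taken from the Trend Micro report or from the malware itself. It assumes the domain is carried in a data-carrying (OP_RETURN) output of the transaction, that the history arrives in the shape an Electrum-style server would return (txid, block height, output scripts), and that the decryption step is pluggable, since this page does not describe the cipher; the transaction history below is constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Script opcodes involved in a data-carrying output (assumption: payload is in OP_RETURN).
OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C
OP_PUSHDATA2 = 0x4D

# Conservative hostname check: one or more labels, then an alphabetic TLD.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


@dataclass
class TxOutput:
    script_hex: str  # scriptPubKey, hex encoded


@dataclass
class Tx:
    txid: str        # placeholder ids below; not real transactions
    height: int      # block height, used to order updates
    outputs: List[TxOutput]


def op_return_payload(script_hex: str) -> Optional[bytes]:
    """Return the pushed data of an OP_RETURN script, or None for any other script
    (or a malformed/truncated push). Handles direct pushes, OP_PUSHDATA1 and OP_PUSHDATA2."""
    script = bytes.fromhex(script_hex)
    if not script or script[0] != OP_RETURN:
        return None
    i = 1
    if i >= len(script):
        return b""  # bare OP_RETURN with no data
    op = script[i]
    i += 1
    if 1 <= op <= 75:                       # direct push of 1..75 bytes
        n = op
    elif op == OP_PUSHDATA1:                # next byte is the length
        if i >= len(script):
            return None
        n = script[i]
        i += 1
    elif op == OP_PUSHDATA2:                # next two bytes (little-endian) are the length
        if i + 2 > len(script):
            return None
        n = int.from_bytes(script[i:i + 2], "little")
        i += 2
    else:
        return None
    data = script[i:i + n]
    return data if len(data) == n else None


def _identity(payload: bytes) -> bytes:
    # Placeholder for the real decryption step, which this page does not specify.
    return payload


def extract_candidate_domains(
    history: List[Tx], decrypt: Callable[[bytes], bytes] = _identity
) -> List[Tuple[int, str, str]]:
    """Walk the watched address's history in block order and collect every
    OP_RETURN payload that decrypts to something shaped like a hostname."""
    found = []
    for tx in sorted(history, key=lambda t: t.height):
        for out in tx.outputs:
            payload = op_return_payload(out.script_hex)
            if payload is None:
                continue
            try:
                text = decrypt(payload).decode("ascii").strip().lower()
            except (UnicodeDecodeError, ValueError):
                continue  # binary or unrelated data in the output
            if DOMAIN_RE.match(text):
                found.append((tx.height, tx.txid, text))
    return found


def current_c2(history: List[Tx], decrypt: Callable[[bytes], bytes] = _identity) -> Optional[str]:
    """The most recently published domain is the one the malware would switch to."""
    candidates = extract_candidate_domains(history, decrypt)
    return candidates[-1][2] if candidates else None


def _op_return_script(data: bytes) -> str:
    # Builds a direct-push OP_RETURN script; only used to construct sample data here.
    assert 1 <= len(data) <= 75
    return bytes([OP_RETURN, len(data)]).hex() + data.hex()


# Constructed history for a watched address (all values are made up for this example).
SAMPLE_HISTORY = [
    Tx("txid-placeholder-2", 105, [TxOutput("6a04deadbeef")]),            # unrelated data output
    Tx("txid-placeholder-1", 100, [
        TxOutput("76a914" + "00" * 20 + "88ac"),                            # ordinary P2PKH output
        TxOutput(_op_return_script(b"c2-first.example")),
    ]),
    Tx("txid-placeholder-3", 110, [TxOutput(_op_return_script(b"c2-second.example"))]),
]

if __name__ == "__main__":
    for height, txid, domain in extract_candidate_domains(SAMPLE_HISTORY):
        print(f"height {height}  {txid}  {domain}")
    print("current C2 candidate:", current_c2(SAMPLE_HISTORY))
```

Run against a real history, the output of `extract_candidate_domains` is the block-ordered list of every domain the operators have ever published through that address, which is exactly the watchlist a network team wants; `current_c2` mirrors the malware's own "latest wins" logic so that sinkhole or DNS-block rules can be updated the moment a new transaction confirms.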

Another Bad Link for Bitcoin

It is well-known how criminals all over the world are seemingly drawn to Bitcoin for a wide variety of purposes. Many still think Bitcoin is an anonymous payment method although that is far from the case. In this recent turn of events, they begin targeting the Bitcoin blockchain in an attempt to further discredit the world’s leading cryptocurrency.

While decentralized technology, such as the blockchain, is priceless, it is also difficult to take down this type of behavior and information. Anyone can generate Bitcoin addresses on demand and broadcast transactions as they see fit. Nothing can prevent this type of behavior, unfortunately.

