The security intelligence firm Trend Micro has issued warnings about a recently exposed backdoor Trojan, Glupteba, which was discovered in the Bitcoin blockchain system. Apparently, it is capable of generating command-and-control domains through tracked Bitcoin (BTC) trade transactions.
A notorious sub-culture has also grown with the advancement of technology in the modern era, working tirelessly to compromise databases to extract critical information, including access to asset accounts. Cryptocurrencies work with a decentralized network and rely entirely on blockchain and smart transaction contracts. To execute their malicious actions, hackers and programmers try to sneak into the blockchain platform.
Lately, it was found that a new version of the previously discovered Glupteba malware is operating inside the Bitcoin blockchain network to exploit servers from Bitcoin trades marked with “OP_RETURN” script codes.
Glupteba, first discovered in 2011, is Trojan-type malware designed to exploit server loopholes. It can download and install additional malware and even add a computer virus to the impacted system. Many cyber criminals use online advertisements, which can be injected into legitimate websites or advertising networks, to distribute malicious software such as Glupteba.
By tracking Bitcoin transactions, it turned out that the Glupteba virus has managed to control data inside the blockchain network. The malware can access the browsing history of the user, as well as browser cookies, account names and passwords on web browsers like Chrome, Opera and Yandex.
In addition, the virus exploits vulnerabilities in the operating system of the user’s router, and while this is happening attackers write random files inside the system, causing it to crash completely or shut down. In short, your system may crash in the middle of a Bitcoin transaction, potentially leading to a loss of funds.
Most notable, however, is that this malware uses Bitcoin to automatically update itself, ensuring it runs smoothly even if antivirus software blocks its connection to the attackers running the threat. This makes it nearly impossible to stop the malware.
According to the researchers at Trend Micro, this particular version of Glupteba was delivered via a malvertising campaign targeting file-sharing websites.
“This technique makes it more convenient for the threat actor to replace command and control servers,” wrote Trend Micro researchers. “If they lose control of a command and control server for any reason, they simply need to add a new bitcoin script and the infected machines obtain a new command and control server by decrypting the script data and reconnecting.”
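For analysts who want to inspect the data field the article refers to, the following added example (not code from Trend Micro or from the original article) pulls the raw payload out of Bitcoin output scripts that begin with OP_RETURN. The sample scripts and transaction labels are constructed, and because this page does not describe how the payload is encrypted, the code stops at extraction.

```python
# Added example: extract OP_RETURN payloads from output scripts given as hex.
OP_RETURN = 0x6A
PUSHDATA_WIDTH = {0x4C: 1, 0x4D: 2, 0x4E: 4}  # OP_PUSHDATA1 / 2 / 4

# Constructed sample outputs (labels and scripts are illustrative, not real IoCs).
SAMPLE_OUTPUTS = {
    "constructed-tx-a:0": "76a914" + "00" * 20 + "88ac",   # ordinary P2PKH
    "constructed-tx-a:1": "6a0b68656c6c6f20776f726c64",    # OP_RETURN, direct push
    "constructed-tx-b:0": "6a4c03aabbcc",                  # OP_RETURN, OP_PUSHDATA1
    "constructed-tx-c:0": "6a0b6865",                      # truncated push
}


def op_return_payloads(script_hex):
    """Return the data pushes after OP_RETURN, or None when the script is
    not an OP_RETURN output or is malformed or truncated."""
    try:
        script = bytes.fromhex(script_hex)
    except ValueError:
        return None
    if not script or script[0] != OP_RETURN:
        return None
    pushes, i = [], 1
    while i < len(script):
        op = script[i]
        i += 1
        if op <= 0x4B:                    # direct push: opcode is the length
            size = op
        elif op in PUSHDATA_WIDTH:        # length follows in 1, 2 or 4 bytes
            width = PUSHDATA_WIDTH[op]
            if i + width > len(script):
                return None
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        else:
            return None                   # non-push opcode after OP_RETURN
        if i + size > len(script):
            return None                   # declared length runs past the script
        pushes.append(script[i:i + size])
        i += size
    return pushes


def triage(outputs):
    """Map each output label to its hex payloads, keeping only outputs
    that carry well-formed OP_RETURN data."""
    found = {}
    for ref, script_hex in outputs.items():
        pushes = op_return_payloads(script_hex)
        if pushes:
            found[ref] = [p.hex() for p in pushes]
    return found
```

Running `triage(SAMPLE_OUTPUTS)` keeps only the two well-formed OP_RETURN outputs, which is the set an analyst would then review for encoded configuration data.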