Hackers created an incredibly powerful botnet built on bitcoin wallets

A dangerous new evil has appeared in the digital world, and its name is Glupteba. A few days ago Google specialists, with the help of Chainalysis experts, managed to cut off one of the heads of this “hydra”, only to be surprised at how rapidly it grows new ones. Cybersecurity gurus say bluntly that at present they see no way to cope with this threat.

Glupteba is a typical botnet that has already infected about a million computers. Its activity is aimed at cryptojacking, the use of infected machines to mine cryptocurrency. The main difference between Glupteba and other botnets is that its system for communicating with infected devices is based on bitcoin wallets and uses blockchain technology to resist takedown.

The most vulnerable point of any botnet is the communication channel to the control server, which must have some address, a location on the Internet. This could be a website, a social media account, a Twitter or YouTube channel, cloud storage, etc. But any such anchor point can be neutralized at the request of law enforcement, and even with hundreds of backup addresses, hiding indefinitely is not an option.

In Glupteba’s case, the operators use three ordinary bitcoin wallets together with the controversial “OP_RETURN” opcode, which allows arbitrary data to be embedded in a transaction. The botnet’s operators leave instructions there that tell infected computers to switch to backup communication channels. Because of the decentralized structure of the blockchain, there is no way to block these messages, and the only reliable solution seems to be the physical arrest of the criminals. But for that, they still need to be found.
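How an analyst watching such wallets would pull the embedded data out of a transaction output script, as an added example that is not part of the original article. It decodes only Bitcoin's standard push encoding after OP_RETURN; the function names and sample scripts are constructed here, and the article does not say how Glupteba encodes what it stores.

```python
OP_RETURN = 0x6A
PUSHDATA_WIDTH = {0x4C: 1, 0x4D: 2, 0x4E: 4}  # OP_PUSHDATA1/2/4 length-field sizes

def op_return_payloads(script_hex):
    """Return the data pushes in an OP_RETURN output script ([] if not OP_RETURN).

    Raises ValueError when a push claims more bytes than the script holds.
    """
    script = bytes.fromhex(script_hex)
    if not script or script[0] != OP_RETURN:
        return []
    pushes, i = [], 1
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 0x4B:                      # direct push of `op` bytes
            size = op
        elif op in PUSHDATA_WIDTH:               # explicit little-endian length
            width = PUSHDATA_WIDTH[op]
            if i + width > len(script):
                raise ValueError("truncated length field")
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        else:                                    # any other opcode carries no data
            continue
        if i + size > len(script):
            raise ValueError("push runs past end of script")
        pushes.append(script[i:i + size])
        i += size
    return pushes

def scan_outputs(scripts):
    """Map output index -> payload list; None marks a malformed OP_RETURN script."""
    hits = {}
    for n, script_hex in enumerate(scripts):
        try:
            data = op_return_payloads(script_hex)
        except ValueError:
            data = None                          # keep it visible for manual review
        if data is None or data:
            hits[n] = data
    return hits

# Constructed sample output scripts (not taken from any real transaction).
SAMPLE_OUTPUTS = [
    "76a914" + "00" * 20 + "88ac",               # ordinary pay-to-pubkey-hash
    "6a12" + b"constructed-sample".hex(),        # OP_RETURN with an 18-byte push
    "6a12" + b"constr".hex(),                    # OP_RETURN, push cut short
]

if __name__ == "__main__":
    print(scan_outputs(SAMPLE_OUTPUTS))
```

Payloads recovered this way from transactions of a known wallet can feed blocklists for the backup channels before infected machines switch to them.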

