Gluptepa malware using the Bitcoin blockchain to stay alive?

By September 5, 2019 Bitcoin Business
Click here to view original web page at www.fxstreet.com
  • The malware uses the Bitcoin blockchain to update itself continuously.
  • Protect yourself against it by not clicking on suspicious links and emails and by keeping your router firmware up-to-date.

As per TrendMicro, cybersecurity researchers have discovered a new strain of the infamous Gluptepa malware. The malware uses the Bitcoin blockchain to stay alive. Analysts confirm that this strain is capable of invading systems to mine Monero and steal sensitive data like passwords and cookies. It also exploits a vulnerability in MicroTik routers to transform target machines into a SOCKS proxy. After that, it executes spam attacks on Instagram users.

The malware uses the Bitcoin blockchain to automatically update and run smoothly even if the antivirus software blocks its connection to remote command and control (C&C) servers run by the attackers. As investigated by TrendMicro’s researchers, Gluptega attackers will first send a Bitcoin transaction via the Electrum wallet. It will then make its way through a public list of the wallet’s servers to find every transaction made by the attacker. Within those transactions, Gluptega will exploit the OP_RETURN opcode containing the encrypted C&C domain. The domain gets decrypted by a ScriptHash string which is hardcoded within the malware.

TrendMicro said:

“This technique makes it more convenient for the threat actor to replace C&C servers. If they lose control of a C&C server for any reason, they simply need to add a new Bitcoin script and the infected machines obtain a new C&C server by decrypting the script data and reconnecting.”

There are two ways to protect yourself against the malware - Don’t click on suspicious links and emails and ensure that your router’s firmware is up-to-date.

Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility.

Cryptos feed

Protect yourself against it by not clicking on suspicious links and emails and by keeping your router firmware […]

Leave a Reply