A cyber investigator is warning of serious malware on the Bitcoin blockchain. It was reported to Forbes that the Bitcoin blockchain was hijacked by a new Glupteba malware executable.
Despite the unique decentralized and anonymous features of cryptocurrency, hackers and developers are finding smarter ways to do malicious things.
The Glupteba malware was first discovered in 2011 as part of an ad campaign. In 2018 it was detected again in a malicious campaign using a Pay-per-Install program, a system found responsible for adding all infected devices to a botnet controlled by the attacker. The latest version of the malware, however, has been found to be exploiting bitcoin.
Monero seems to be the hackers' favorite cryptocurrency: as the report says, the malware can also extract privacy-focused cryptocurrency such as Monero. It also causes problems with the user's Instagram account and steals sensitive browser data such as passwords and cookies.
Glupteba includes two components: a browser component and a router exploit. With the former, the malware quickly accesses the crypto owner's browsing history from browsers such as Chrome, Opera and Yandex. The Glupteba malware executable also exploits a MikroTik router and configures it as a SOCKS proxy, which helps attackers hide their real IP address.
Specifically, the Glupteba malware uses the Electrum bitcoin wallet, which makes it easy for intruders to track bitcoin transactions. Giving more information about the malware, Trend Micro researchers, writing on a security news blog, explain the role of the command and control server. They describe it as the server that processes commands for the network of infected devices. More specifically:
“This technique (Glupteba malware) makes it more convenient for the hacker to replace command and control servers. If for some reason they lose control of a command and control server, they just need to add a new bitcoin script and the infected machines get a new command and control server.”
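For defenders, the rotation described above leaves a network pattern worth hunting for: a machine with no approved wallet talks to an Electrum server and shortly afterwards contacts a destination it has never used before. The sketch below is an added example, not code from Trend Micro or from the original article; the flow-log format, the sample records, the 10-minute window, the function name `find_suspects` and the use of the conventional Electrum server ports 50001/50002 are all assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Assumption: conventional Electrum server ports (50001 plain TCP, 50002 TLS).
ELECTRUM_PORTS = {50001, 50002}
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample flow records: time, source host, destination, port.
SAMPLE_FLOWS = """\
2019-09-04T10:00:00,10.0.0.5,updates.example.com,443
2019-09-04T10:01:00,10.0.0.7,electrum.example.net,50002
2019-09-04T10:02:00,10.0.0.5,electrum.example.org,50002
2019-09-04T10:03:30,10.0.0.5,updates.example.com,443
2019-09-04T10:04:00,10.0.0.5,cdn-7f3a.example.net,443
2019-09-04T10:05:00,10.0.0.7,mail.example.com,443
2019-09-04T11:00:00,10.0.0.5,late.example.org,443
"""

def find_suspects(flow_text, wallet_hosts):
    """Return (src, electrum_server, new_destination) tuples worth triage."""
    seen = {}      # src -> destinations this host has already contacted
    lookups = {}   # src -> (time, server) of its last unexpected Electrum query
    findings = []
    for ts, src, dst, port in csv.reader(io.StringIO(flow_text)):
        when, port = datetime.fromisoformat(ts), int(port)
        known = seen.setdefault(src, set())
        if port in ELECTRUM_PORTS:
            # Electrum traffic from a host with no approved wallet is the anchor.
            if src not in wallet_hosts:
                lookups[src] = (when, dst)
        elif src in lookups and dst not in known:
            asked_at, server = lookups[src]
            # First-seen destination soon after the lookup: candidate new C2.
            if when - asked_at <= WINDOW:
                findings.append((src, server, dst))
        known.add(dst)
    return findings

if __name__ == "__main__":
    for finding in find_suspects(SAMPLE_FLOWS, wallet_hosts={"10.0.0.7"}):
        print("triage:", finding)
```

A hit is a lead for triage rather than a verdict; the allowlist of wallet hosts and the window length need tuning to the environment.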