Alert: Glupteba malware attacks Bitcoin transactions

Vineet Chaudhary

Just as the software we use keeps getting better and upgraded, viruses also find new ways to infect computers and the online world and cause problems for users.

Recently, it was found that Glupteba, a dropper and backdoor trojan, can update its command-and-control (C&C) domains by tracking Bitcoin transactions. Along with this, the Glupteba dropper adds two more components to the victim's system: a browser stealer and a router exploit.

The browser stealer gains access to the user's browsing history, along with cookies, account names, and passwords, from browsers such as Chrome, Opera, and Yandex. Meanwhile, the router exploit takes advantage of a MikroTik RouterOS vulnerability that allows the attackers to write arbitrary files. The router exploit lets the attackers configure the router as a SOCKS proxy, through which malicious traffic is routed to hide the attackers' real IP address.

Glupteba's C&C updating functionality is particularly noteworthy. The malware uses a discoverDomain function that queries Electrum Bitcoin wallet servers taken from a publicly available list. It then tries to access the blockchain script hash history for a hardcoded hash. This reveals the full history of the related transactions.

This particular version of Glupteba was delivered via a malvertising campaign targeting file-sharing websites. If the operators lose control of a C&C server for some reason, they add a new Bitcoin script; the infected machine then obtains the new server by decrypting the script data and reconnects.
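A detection sketch for the lookup behaviour described above, added here as an example and not taken from the malware or from any vendor's tooling: it flags hosts that ask several Electrum servers for the history of the same script hash. It assumes cleartext (or already decrypted) Electrum JSON-RPC request lines; the capture, host addresses, server names, hash placeholders, allowlist and threshold are all constructed for illustration.

```python
import json
from collections import defaultdict

HISTORY_METHOD = "blockchain.scripthash.get_history"  # Electrum protocol method
WATCHED = "SCRIPTHASH_PLACEHOLDER"  # constructed; the page does not give the hash


def _req(method, *params):
    """Build one newline-delimited JSON-RPC request as it appears on the wire."""
    return json.dumps({"id": 1, "method": method, "params": list(params)})


# Constructed capture: (source host, Electrum server, one cleartext request line).
SAMPLE_CAPTURE = [
    ("10.0.0.5", "s1.example:50001", _req("server.version", "client", "1.4")),
    ("10.0.0.5", "s1.example:50001", _req(HISTORY_METHOD, WATCHED)),
    ("10.0.0.5", "s2.example:50001", _req(HISTORY_METHOD, WATCHED)),
    ("10.0.0.5", "s3.example:50001", _req(HISTORY_METHOD, WATCHED)),
    ("10.0.0.7", "s1.example:50001", _req(HISTORY_METHOD, "OTHER_PLACEHOLDER")),
    ("10.0.0.7", "s1.example:50001", "GET / HTTP/1.1"),  # not JSON-RPC
    ("10.0.0.9", "s1.example:50001", _req(HISTORY_METHOD, "WALLET_PLACEHOLDER")),
    ("10.0.0.9", "s2.example:50001", _req(HISTORY_METHOD, "WALLET_PLACEHOLDER")),
    ("10.0.0.9", "s3.example:50001", _req(HISTORY_METHOD, "WALLET_PLACEHOLDER")),
]


def find_scripthash_pollers(capture, wallet_hosts=(), min_servers=3):
    """Map (host, script hash) -> servers for hosts that asked at least
    min_servers different Electrum servers for the same script hash history."""
    seen = defaultdict(set)
    for src, server, line in capture:
        if src in wallet_hosts:
            continue  # hosts known to run a real Electrum wallet (assumed allowlist)
        try:
            msg = json.loads(line)
        except json.JSONDecodeError:
            continue  # other protocols or truncated lines
        if not isinstance(msg, dict) or msg.get("method") != HISTORY_METHOD:
            continue
        params = msg.get("params")
        if isinstance(params, list) and params and isinstance(params[0], str):
            seen[(src, params[0])].add(server)
    return {key: sorted(servers) for key, servers in seen.items()
            if len(servers) >= min_servers}


if __name__ == "__main__":
    for (host, shash), servers in find_scripthash_pollers(
            SAMPLE_CAPTURE, wallet_hosts={"10.0.0.9"}).items():
        print(f"{host} polled {len(servers)} servers for {shash}: {servers}")
```

On a network where no host should be running wallet software, any hit is worth triaging; the allowlist only matters where legitimate Electrum clients exist.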
