
Russian botnet Glupteba targeted India for maliciously mining cryptocurrency: Google

Google researchers analysed how hackers spread the malware and the kind of information that was stolen.

India, apart from Brazil and Southeast Asia, was one of the regions affected by Glupteba, a Russia-based threat actor known to steal user credentials, cookies, and mine cryptocurrencies on infected systems.

This finding came up in the Google Threat Analysis Group’s new report on the actions taken to dismantle the multi-component botnet, which included:

  • terminating 1,183 Google accounts
  • terminating 908 cloud projects
  • terminating 870 Google ads
  • warning 3.5 million users before they downloaded a malicious file

Parallel to the analysis, tracking, and technical disruption of this botnet, Google has also filed a lawsuit against two individuals believed to be located in Russia for operating the Glupteba Botnet and its various criminal schemes, the tech giant said.

This report shows how malicious actors are driven by cryptocurrencies and related activities to indulge in illegal practices such as, in this case, hacking platforms. Money laundering concerns and scams have also been linked to the crypto market which is unregulated in most countries. A crypto bill is soon to be tabled in India’s Parliament.

How Glupteba was delivered to affected systems

For a period of time, we observed thousands of instances of malicious Glupteba downloads per day. The following image shows a webpage mimicking a software crack download which delivers a variant of Glupteba to users instead of the promised software. — Google

Source: Google

Researchers found that other than mining cryptocurrencies and stealing credentials, those behind the Glupteba botnet were selling—

  • Access to virtual machines loaded with stolen credentials
  • Proxy access
  • Credit card numbers to be used for other malicious activities

A few weeks ago Google revealed that its cloud platforms were being used by malicious actors to perform cryptocurrency mining. The report said that of the 50 compromised GCP instances that its team observed, 86% of them were being used to perform cryptocurrency mining, which they described as a “cloud resource-intensive for profit activity”.

Glupteba likely to be back using Bitcoin blockchain

Researchers at Google opined that although they have taken myriad forms of action against the operators, Glupteba may attempt to regain control of the botnet using a backup command-and-control (C2) mechanism that relies on data encoded on the Bitcoin blockchain.

“In the event that the main C2 servers do not respond,” Google said, “the infected systems can retrieve backup domains encrypted in the latest transaction from the following bitcoin wallet addresses:

  • ‘1CgPCp3E9399ZFodMnTSSvaf5TpGiym2N1’ [1]
  • ‘15y7dskU5TqNHXRtu5wzBpXdY5mT4RZNC6’ [2]
  • ‘1CUhaTe3AiP9Tdr4B6wedoe9vNsymLiD97’ [3]”
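As an added example (not Google’s code and not taken from the Glupteba report), the following Python parses a raw Bitcoin transaction and extracts its OP_RETURN payloads, which is how a defender can watch the wallets above for newly published backup-C2 data and feed whatever appears into blocklists and detections. It assumes, as an assumption the page itself does not state, that the encrypted domain travels in an OP_RETURN output; the sample transaction is constructed, and the payload stays encrypted because the page gives no key.

```python
import struct
OP_RETURN, OP_PUSHDATA1 = 0x6A, 0x4C       # the two script opcodes we need
SAMPLE_PAYLOAD = bytes(range(0xA0, 0xC0))  # constructed stand-in for an encrypted C2 blob

def _read_varint(buf, pos):  # Bitcoin CompactSize varint -> (value, new_pos)
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    width = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + width], "little"), pos + 1 + width

def extract_op_return(raw_tx_hex):
    """Return the pushed data of every OP_RETURN output in a raw legacy or segwit tx."""
    buf = bytes.fromhex(raw_tx_hex)
    pos = 4                                    # skip the 4-byte version
    if buf[pos:pos + 2] == b"\x00\x01":        # segwit marker + flag
        pos += 2
    n_in, pos = _read_varint(buf, pos)
    for _ in range(n_in):
        pos += 36                              # prev txid (32) + output index (4)
        script_len, pos = _read_varint(buf, pos)
        pos += script_len + 4                  # scriptSig + sequence
    n_out, pos = _read_varint(buf, pos)
    payloads = []
    for _ in range(n_out):
        pos += 8                               # value in satoshis
        script_len, pos = _read_varint(buf, pos)
        script, pos = buf[pos:pos + script_len], pos + script_len
        if len(script) < 2 or script[0] != OP_RETURN:
            continue                           # ordinary spend output, ignore
        op = script[1]
        if op <= 0x4B:                         # the opcode itself is the push length
            payloads.append(script[2:2 + op])
        elif op == OP_PUSHDATA1:               # one-byte length follows the opcode
            payloads.append(script[3:3 + script[2]])
    return payloads

def _push(data):  # script push encoding (<= 255 bytes), only used to build the sample
    return bytes([len(data)]) + data if len(data) <= 0x4B else bytes([OP_PUSHDATA1, len(data)]) + data

def build_sample_tx(payload):
    """Constructed, unsigned sample (not a real transaction): one dummy input,
    one OP_RETURN output carrying `payload`, one ordinary P2PKH output."""
    script = bytes([OP_RETURN]) + _push(payload)
    assert len(script) < 0xFD, "sample keeps script lengths to a 1-byte varint"
    tx = struct.pack("<I", 1)                                             # version
    tx += b"\x01" + b"\x00" * 32 + b"\xff" * 4 + b"\x00" + b"\xff" * 4    # 1 input: dummy outpoint, empty scriptSig, sequence
    tx += b"\x02" + struct.pack("<Q", 0) + bytes([len(script)]) + script  # 2 outputs; output 0: OP_RETURN
    tx += struct.pack("<Q", 1000) + b"\x19\x76\xa9\x14" + b"\x11" * 20 + b"\x88\xac"  # output 1: P2PKH
    return (tx + struct.pack("<I", 0)).hex()                              # locktime
```

Feeding real transactions from the listed wallets (fetched from your own node) through `extract_op_return` yields the opaque blobs to alert on; decrypting them requires the key embedded in the malware, which this page does not provide.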

India one of the most affected by phishing campaign backed by Russia

India, along with the United States of America and the United Kingdom, was among the countries most affected by a Gmail credential-phishing campaign allegedly run by the Russian government-backed APT28/Fancy Bear group, according to a report by Google’s Cybersecurity Action Team.

The report, the first of its kind, said that Google’s Cybersecurity Action Team observed a large-scale credential-phishing campaign by this threat actor targeting more than 12,000 Gmail accounts. Fancy Bear had earlier targeted Yahoo! and Microsoft users, the report said. Other targeted countries include Canada, Russia, Brazil, and European Union member states.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ