. home.aspx



Glupteba Malware Uses Bitcoin Blockchain to Update C2 Domains

September 04, 2019 / Sergiu Gatlan

A new variant of the Glupteba malware dropper is using the Bitcoin blockchain to fetch command and control (C2) server domains from Bitcoin transactions marked with OP_RETURN script opcodes. Glupteba has been previously distributed as a secondary payload by the Alureon Trojan as part of a 2011 campaign designed to push clickjacking contextual advertising, as well as by the threat actors behind Operation Windigo onto their targets' Windows computers with the help of exploit kits in 2014, as discovered by ESET's security research team. Four years later, in 2018, the malware dropper was again spotted by ESET while being disseminated by a malicious campaign via a Pay-Per-Install scheme, adding all the infected machines to an attacker-controlled botnet. The new version discovered by Trend Micro recently has switched to malvertising as the means of distribution and it comes with two more modules besides the newly added Bitcoin blockchain C2 updater, namely an info stealer and an expl...