A cybersecurity researcher has warned of severe malware that abuses the Bitcoin blockchain. Yesterday, Forbes reported that the Bitcoin blockchain was hijacked by a new strain of the Glupteba malware.
Malware Over Bitcoin Blockchain
Despite the decentralized and anonymous features of cryptocurrency, hackers and programmers keep finding clever ways to carry out malicious actions.
Glupteba was first discovered in 2011 as part of an advertising campaign. In 2018 it was found again in a malicious campaign using a 'Pay-Per-Install' scheme, which was found responsible for adding all the infected devices to a botnet controlled by the attacker. The latest version of the malware, however, has been caught exploiting Bitcoin.
Monero appears to be the favorite cryptocurrency of attackers and hackers: the report explains that the malware can also mine privacy-focused cryptocurrency such as Monero. It also threatens the security of Instagram users' accounts and steals sensitive browser data such as passwords and cookies.
Glupteba contains two components, a browser stealer and a router exploiter. With the former, the malware quickly accesses the browsing history of the crypto owner from browsers such as Chrome, Opera, and Yandex. The router component exploits MikroTik routers, which helps attackers hide their actual IP address by configuring the router as a SOCKS proxy.
Notably, the Glupteba malware uses the Electrum bitcoin wallet, which makes bitcoin transaction tracking easy for attackers. Elaborating on the malware, researchers writing on Trend Micro's security intelligence blog explain the role of the command and control server, a centralized computer that issues commands to an infected network of devices. The post reads:
“This technique (Glupteba malware) makes it more convenient for the threat actor to replace command and control servers. If they lose control of a command and control server for any reason, they simply need to add a new bitcoin script and the infected machines obtain a new command and control server by decrypting the script data and reconnecting.”
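For defenders tracking a wallet used this way, the sketch below is an added example (not code from Trend Micro or the original article) that pulls data-carrying outputs from transaction scripts and flags payloads not seen before, which would indicate a command and control rotation. It assumes the script data sits in OP_RETURN outputs, which the article does not state; the transactions, txids and helper names are constructed for illustration.

```python
import hashlib

OP_RETURN, OP_PUSHDATA1, OP_PUSHDATA2 = 0x6A, 0x4C, 0x4D

def op_return_payloads(script_hex):
    """Return the data pushes that follow OP_RETURN in one output script."""
    script = bytes.fromhex(script_hex)
    if not script or script[0] != OP_RETURN:
        return []                          # ordinary spendable output, no data
    pushes, i = [], 1
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 0x4B:                # opcode is itself the push length
            size = op
        elif op in (OP_PUSHDATA1, OP_PUSHDATA2):
            width = 1 if op == OP_PUSHDATA1 else 2
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        else:
            break                          # non-push opcode: stop parsing
        if i + size > len(script):
            raise ValueError("truncated push in output script")
        pushes.append(script[i:i + size])
        i += size
    return pushes

def new_data_outputs(transactions, seen):
    """Return (txid, payload) for each payload whose hash is not in `seen`."""
    alerts = []
    for tx in transactions:
        for script_hex in tx["output_scripts"]:
            for payload in op_return_payloads(script_hex):
                digest = hashlib.sha256(payload).hexdigest()
                if digest not in seen:     # first sighting: possible rotation
                    seen.add(digest)
                    alerts.append((tx["txid"], payload))
    return alerts

# Constructed sample data: a pay-to-pubkey-hash script and opaque payloads.
P2PKH = "76a914" + "11" * 20 + "88ac"
SAMPLE = [
    {"txid": "constructed-tx-1", "output_scripts": [P2PKH, "6a10" + "aa" * 16]},
    {"txid": "constructed-tx-2", "output_scripts": [P2PKH, "6a10" + "aa" * 16]},
    {"txid": "constructed-tx-3", "output_scripts": ["6a4c50" + "bb" * 80, P2PKH]},
]

if __name__ == "__main__":
    for txid, payload in new_data_outputs(SAMPLE, set()):
        print(txid, len(payload), "bytes of script data (still encrypted)")
```

The payloads stay opaque here; the point is the alert on a new data-bearing transaction, which tells an analyst to expect infected hosts to reconnect elsewhere.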