An advanced malware is utilizing messages hidden within Bitcoin‘s blockchain transactions. These messages send signals to a botnet army ready to attack at command.
How exactly is this malware using Bitcoin’s blockchain and why?
Glupteba, The Malware-Installing Trojan From 2011 That Uses Blockchain To Command An Army
Glupteba, a backdoor Trojan designed to install malware on unsuspecting computers, has also been using Bitcoin in an unusual way.
It was initially distributed in 2011, as “a secondary payload by the Alureon Trojan in order to push clickjacking contextual advertising.” Later, in 2014, it was used as part of “Operation Windigo” – a highly sophisticated attack involving thousands of compromised Linux systems.
Once the malware is installed, the compromised computer is then added to a botnet army ready for an array of commands.
Somewhere along the line, Glupteba was updated to take advantage of Bitcoin’s public and transparent distributed ledger.
Like other malware with connections to cryptocurrencies, Glupteba can be used for cryptojacking. Cryptojacking is the process of backdoor malware mining for Monero, Bitcoin, or anything else, without the user’s consent or knowledge.
However, this is just one of many ways it can be used for harm and isn’t the reason for utilizing Bitcoin’s blockchain.
Botnet Commands Sent Via Messages Hidden In Bitcoin Blockchain Transactions
After malware utilizes its botnet to carry out an attack, once successful, the botnet can be rerouted to perform other tasks. These are typically more attacks, albeit on different servers with a unique domain or IP coordinates.
Botnets of this kind have in the past used Twitter, Pastebin, Reddit, and other messaging services to relay their commands. Glupteba, however, is using Bitcoin.
Not all Bitcoin transactions need to have a monetary value. Messages can be stored in a Bitcoin transaction’s OP_RETURN field, at up to 80 characters.
Using this method, Glupteba is able to hide its messages in plain sight and distribute them widely across to its botnet army.
Related Reading | Checking Crypto Prices on Your Mac? Watch Out for Malware
Hiding messages in plain sight is called steganography and dates back to the late 1400s. The advantage of steganography over cryptography is that messages hidden in plain sight don’t attract attention to themselves.
The term typically refers to computer data, however, it was also used by spies posting personals in local newspapers to deliver messages during the Cold War.
Also happening in plain sight, is another Cold War, between cybercriminals and security experts.
Cybercrime, especially in the cryptocurrency space, has seen explosive growth. Bitcoin ransoms are growing in number and hackers are becoming more brazen.
Cryptojacking may not be getting as much coverage in media due to it being yesterday’s news, but numbers cases continue to rise.
For now, Glupteba doesn’t appear to be targeting cryptocurrency users despite leveraging the Bitcoin blockchain in another way. But crypto investors will want to pay extra attention to cybersecurity to protect any funds they hold.