Google is suing two Russia-based individuals the company claims are responsible for a botnet operation that infected around one million devices for illicit purposes.
In a complaint filed in the U.S. District Court for the Southern District of New York, Google alleges Russian nationals Dmitry Starovikov and Alexander Filippov engaged in “computer fraud and abuse, trademark infringement, and other claims.”
As Google explained in its announcement of the lawsuit, a botnet is “a network of devices connected to the internet that have been infected with a type of malware that places them under the control of bad actors. They can then use the infected devices for malicious purposes, such as to steal your sensitive information or commit fraud through your home network.”
After investigating the Glupteba botnet, Google determined that it involves approximately one million Windows devices worldwide, and has spread at a rate of thousands of new devices per day. According to Google, “Glupteba is notorious for stealing users’ credentials and data, mining cryptocurrencies on infected hosts, and setting up proxies to funnel other people’s internet traffic through infected machines and routers.”
In a threat analysis of Glupteba released by Google, the company explains that the botnet uses “HTTPS to communicate commands and binary updates between the control servers and infected systems.”
However, Google warns that Glupteba exhibits a unique form of “technical sophistication” because it uses blockchain technology as a fail-safe to issue commands.
Google explained: “To add resilience to their infrastructure, the operators have also implemented a backup mechanism using the Bitcoin blockchain. In the event that the main C2 servers do not respond, the infected systems can retrieve backup domains encrypted in the latest transaction” from certain bitcoin wallet addresses.
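The fallback Google describes has a network-visible shape a defender can look for: an infected host repeatedly fails to reach its primary command-and-control server and, shortly afterwards, queries a public blockchain explorer to fetch the encrypted backup domains. The script below is an added illustration of that detection idea, written for this article; it is not code from Google’s threat analysis or from the Glupteba investigation. The log format, the explorer hostnames and the sample log lines are all constructed placeholders, and the thresholds are assumptions to tune locally.

```python
"""Flag hosts whose blockchain-explorer lookups follow a burst of failed C2 connections.

Added detection example (not from Google's analysis). Log format, hostnames
and sample lines are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple

# Hostnames the organisation treats as public blockchain explorer / API endpoints.
# Placeholder values (assumption); a real deployment would use its own list.
EXPLORER_HOSTS = {"api.blockchain-explorer.example", "explorer.btc-lookup.example"}

# Proxy statuses meaning the destination did not answer (assumed vocabulary).
FAILURE_STATUSES = {"TIMEOUT", "REFUSED", "DNS_NXDOMAIN"}

# Constructed proxy log lines: "<ISO timestamp> <src_host> <dst_host> <status>".
SAMPLE_LOGS = """\
2021-12-07T10:00:01 ws-17 c2.primary.invalid TIMEOUT
2021-12-07T10:00:31 ws-17 c2.primary.invalid TIMEOUT
2021-12-07T10:01:01 ws-17 c2.primary.invalid REFUSED
2021-12-07T10:01:20 ws-17 api.blockchain-explorer.example 200
2021-12-07T10:02:00 ws-22 intranet.corp.example 200
2021-12-07T10:05:00 ws-22 api.blockchain-explorer.example 200
2021-12-07T11:00:00 ws-31 c2.primary.invalid TIMEOUT
2021-12-07T11:00:30 ws-31 c2.primary.invalid TIMEOUT
2021-12-07T11:01:00 ws-31 explorer.btc-lookup.example 200
"""


class Event(NamedTuple):
    ts: datetime
    src: str
    dst: str
    status: str


def parse_log(text: str) -> List[Event]:
    """Parse the constructed log format, skipping malformed lines, sorted by time."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, status = parts
        events.append(Event(datetime.fromisoformat(ts), src, dst, status))
    return sorted(events, key=lambda e: e.ts)


def detect_fallback(events: List[Event], min_failures: int = 3,
                    window: timedelta = timedelta(minutes=5)) -> Dict[str, dict]:
    """Return {src_host: details} for hosts whose explorer lookup was preceded,
    within `window`, by at least `min_failures` failed connections to one
    non-explorer destination. A lone explorer lookup is not flagged, so a user
    checking a wallet balance does not trip the rule."""
    failures: Dict[str, List[Event]] = defaultdict(list)  # per-source failed events
    flagged: Dict[str, dict] = {}
    for ev in events:
        if ev.dst in EXPLORER_HOSTS:
            recent = [f for f in failures[ev.src] if ev.ts - f.ts <= window]
            per_dst: Dict[str, int] = defaultdict(int)
            for f in recent:
                per_dst[f.dst] += 1
            for dst, count in per_dst.items():
                if count >= min_failures and ev.src not in flagged:
                    flagged[ev.src] = {
                        "failed_dst": dst,
                        "failures": count,
                        "explorer": ev.dst,
                        "lookup_at": ev.ts.isoformat(),
                    }
        elif ev.status in FAILURE_STATUSES:
            failures[ev.src].append(ev)
    return flagged


if __name__ == "__main__":
    for host, info in detect_fallback(parse_log(SAMPLE_LOGS)).items():
        print(host, info)
```

On the constructed sample only `ws-17` is flagged: it has three failures to the same destination inside the five-minute window before its explorer lookup. `ws-22` makes an explorer lookup with no preceding failures and `ws-31` has only two failures, so neither is reported at the default threshold. The rule is deliberately narrow; in practice it would be paired with the C2 and wallet indicators from a published threat analysis rather than used on its own.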
Google has been able to disrupt “key command and control infrastructure” to stop operators of Glupteba from having control over the botnet for the time being. Google additionally made the decision to take legal action against Glupteba’s operators because of the botnet’s “sophisticated architecture and the recent actions that its organizers have taken to maintain the botnet, scale its operations, and conduct widespread criminal activity.”