Glupteba malware reemerges in widespread campaign

After being disrupted by Google last December, the Glupteba malware botnet has reemerged in a new ongoing widespread global campaign that began in June, BleepingComputer reports. Nozomi Networks researchers examined 1,500 Glupteba samples in VirusTotal for cryptocurrency wallet address extraction and discovered 15 Bitcoin addresses associated with four different campaigns, the most recent of which commenced in June. More Bitcoin addresses have been leveraged in the ongoing campaign, compared with previous attacks, indicating the blockchain-enabled, modular malware's enhanced resilience. The report also revealed a tenfold increase in TOR hidden services leveraged as command-and-control servers, compared with last year's campaign. Nearly 1,200 samples were communicated across 11 transactions by the most prolific cryptocurrency wallet address used in the ongoing Glupteba campaign. Moreover, passive DNS data showed numerous Glupteba domain registrations as recently as Nov. 22. The findings suggest that the Glupteba botnet is stronger than ever and even more resistant to takedowns.