Google said it has shut down a bot network of about 1 million devices used worldwide for cybercrime, and it has also sued the Russian hackers who are allegedly responsible. The botnet, known as Glupteba, appears to have been used to mine cryptocurrencies in the background, steal users' credentials and cookies, and set up proxies to funnel others' internet traffic through infected Windows machines and IoT devices.
In its Tuesday announcement, Google said the network included about one million Windows devices globally and targeted victims in the United States, India, Brazil, and Southeast Asia. Because the botnet consists of 1 million devices, it has great potential for large-scale ransomware attacks. The tech giant also sued defendants Dmitry Starovikov, Alexander Filippov, and other unknown individuals for violating its platform's policy.
Hackers also distributed Glupteba using Google's own services. The company took down 63 million Google Docs, 1,183 Google Accounts, 908 Cloud Projects, and 870 Google Ads that were used to spread it. In addition, Google Safe Browsing warnings alerted 3.5 million users before they downloaded a malicious file.
Security experts became aware of the Glupteba malware family in 2011. It spread through free downloadable software, videos, or movies; through pay-per-install (PPI) networks; through traffic purchased from traffic distribution systems (TDS); and through scams.
"It was harder to shut down the botnets because they recover from disruptions more quickly. We are partnering with industry and governments in fighting against this behavior," Google stated. Now that the botnet's operations have been disrupted, security experts believe the actors will probably regain control using a backup command and control system that uses data encoded on the Bitcoin blockchain.
Technology giants Google and Microsoft are increasingly involved in the fight against cybercrime conducted through their products, which gives them a unique understanding of, and access to, threats.