• Google disrupted the malicious operations of the Glupteba botnet which has been used by hackers to steal account information.
  • The firm filed a lawsuit against two Russian nationals that it believes helped run the malware for the past few years.
  • The disruption may only be temporary as Glupteba utilizes a blockchain system that could allow hackers to remain in control over infected hosts.

Google has disrupted Glupteba, a botnet that has spread malware to roughly a million Windows devices using the Bitcoin blockchain. The American multinational technology company stated that the perpetrators used the botnet to mine cryptocurrencies on victims’ computers.

Glupteba could resume operations shortly 

In a civil complaint filed on December 7 against two Russian nationals Dmitry Staroviko, Alexander Filippov, as well as 15 unknown individuals, Google revealed that Glupteba has infected more than one million machines worldwide. The botnet has been tracked by law enforcement and computer security experts for years.

Google alleged that the defendants used the botnet to steal victims’ account information to sell to third parties and mine cryptocurrencies on victims’ computers. The perpetrators used blockchain technology to protect themselves and bypass traditional tools that could disrupt malicious activities. According to Google executives, Bitcoin’s decentralization made it “much harder to shut down.”

The firm also reached out to internet infrastructure companies to take down services used by the hackers to control the network. Google’s services were used by the perpetrators to distribute the malware. As a result, the company took down approximately 63 million Google Docs, over 1,000 Google accounts and more than 900 Google Cloud projects that were used to spread Glupteba.

Google general counsel Halimah Delaine Prado and vice president of engineering Royal Hansen explained that the company does not only plug security holes, the firm is working to eliminate entire classes of threats for consumers and businesses that depend on the internet.

However, Google warned that Glupteba could continue to operate again due to the fact that the hackers have incorporated a fail-safe mechanism that uses the Bitcoin blockchain to issue commands. 

If the communication between the hackers and the botnet is cut off, the network will automatically search for messages posted by hackers for directions telling it how to reconnect through publicly accessible Bitcoin transactions.

According to blockchain analysis firm Chainalysis, this is the “first known case of a botnet using this approach.”


Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers. The author will not be held responsible for information that is found at the end of links posted on this page.

If not otherwise explicitly mentioned in the body of the article, at the time of writing, the author has no position in any stock mentioned in this article and no business relationship with any company mentioned. The author has not received compensation for writing this article, other than from FXStreet.

FXStreet and the author do not provide personalized recommendations. The author makes no representations as to the accuracy, completeness, or suitability of this information. FXStreet and the author will not be liable for any errors, omissions or any losses, injuries or damages arising from this information and its display or use. Errors and omissions excepted.

The author and FXStreet are not registered investment advisors and nothing in this article is intended to be investment advice.

Cryptos feed Join Telegram

Recommended content

Recommended Content

Editors’ Picks

Cardano whales enter buying spree before the Vasil hard fork

Cardano whales enter buying spree before the Vasil hard fork

Cardano price is showing an interesting set up as it struggles to make a move above a crucial support level. A rejection here could lead to a buying opportunity for patient investors before ADA explodes.

More Cardano News

Why Dogecoin enters 50% bull rally despite founder’s remarks on Elon Musk

Why Dogecoin enters 50% bull rally despite founder’s remarks on Elon Musk

Dogecoin price has been coiling up like a spring for roughly ten days, indicating that a massive move is about to occur. The congestion will likely lead to a bullish move for DOGE that is brimming with volatility.

More Dogecoin News

SafeMoon price readies for a 40% breakout

SafeMoon price readies for a 40% breakout

A brief technical and on-chain analysis on SafeMoon price. Here, FXStreet's analysts evaluate where SFM could be heading next.

More SafeMoon News

Why a 20% rally for Crypto.com price makes sense now

Why a 20% rally for Crypto.com price makes sense now

Crypto.com price is on the verge of flipping a crucial resistance barrier into a support level. Assuming this conversion occurs, CRO will be primed for a quick expansion to the next hurdle.

More Crypto.com News

Bitcoin: The last rebound before capitulation

Bitcoin: The last rebound before capitulation

Bitcoin is showing bullish signs in the lower time frames, which can be taken advantage of by traders in the next couple of days. But looking at BTC from the higher time frames suggests that the bottom is not in yet.

Read full analysis