Glupteba creates a backdoor into infected Windows systems – and researchers think it’ll be offered to cyber criminals as an easy means of distributing other malware.
A malware campaign that creates a backdoor providing full access to compromised Windows PCs, while adding them to a growing botnet, has developed some unusual measures for staying undetected.
Glupteba first emerged in 2018 and started by gradually dropping more components into place on infected machines in its bid to create a backdoor to the system.
It is highly self-defending malware, with the cyber-criminal group behind it paying special attention to “enhancing features that enable the malware to evade detection.”
The method of distribution is relatively simple: it’s bundled in pirated software, including cracked versions of commercial applications, as well as illegal video game downloads. The idea is simply to get as many users as possible to download compromised applications that contain the Glupteba payload.
To ensure the best possible chance of a successful compromise, the malware is dropped gradually, bit by bit, onto the system to avoid detection by any anti-virus software the user may have installed. The malware also uses the EternalBlue SMB vulnerability to help it secretly spread across networks.
Glupteba uses a number of software exploits for privilege escalation, primarily so it can install a kernel driver the bot uses as a rootkit, and make other changes that weaken the security posture of an infected host.
Glupteba’s latest campaign is described as relatively prolific, fitting in with what appears to be the aim of compromising as many computers as possible.
Glupteba’s main activity appears to be cryptocurrency mining. But the way it creates a backdoor into compromised computers, combined with the way in which those behind it look to be attempting to create a large botnet of readily available machines, suggests that the ultimate aim is to lease it out as a means of distributing other forms of malware to victims.
The campaign is still active and attempting to recruit more machines into the botnet. The simplest way users can avoid falling victim to Glupteba is by ensuring the critical security update issued to protect against EternalBlue is installed.
Microsoft released the patch in 2017, but EternalBlue remains successful because of the significant number of Microsoft Windows systems around the world that haven’t had it installed, putting them at risk of falling victim to this and other malware.
The normal general precautions apply here as much as anywhere else: don’t run stuff you shouldn’t, keep everything patched, and always make sure you have some sort of malware protection on your computer. Don’t download and run unauthorised software.