Undocumented malware variant uses Bitcoin blockchain to keep itself alive

posted 3 months ago
Cybersecurity researchers discovered a new strain of the nefarious Glupteba malware that uses the Bitcoin blockchain to stay alive. This malware utilizes Bitcoin to automatically update, ensuring it runs smoothly even if antivirus software blocks its connection to remote command and control (C&C) servers run by the attackers.

Glupteba goons will first send Bitcoin transactions via the Electrum Bitcoin wallet. The malware, which has been programmed with a hardcoded ScriptHash string, will then make its way through a public list of Electrum servers to find every transaction that was made by the attacker. Buried in those transactions is seemingly innocent OP_RETURN data which contains an encrypted C&C domain. The ScriptHash string is then used to decrypt that data.
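The mechanism described above gives an analyst two concrete things to work with: a hardcoded scripthash that identifies which Bitcoin outputs the malware watches, and OP_RETURN outputs whose pushed data is the opaque payload. The following Python is an added example written for this post; it is not Glupteba's code and not from the article. It serializes a constructed, non-real transaction, parses the outputs, pulls the payload out of any OP_RETURN output, and computes the Electrum-protocol scripthash (sha256 of the output script, byte-reversed, hex) that an analyst would watch for the same transactions. It does not attempt the decryption step; the payload bytes are simply returned.

```python
import hashlib
import struct

OP_RETURN = 0x6a
OP_PUSHDATA1 = 0x4c
OP_PUSHDATA2 = 0x4d


def encode_varint(n: int) -> bytes:
    """Bitcoin CompactSize encoding."""
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xffffffff:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def read_varint(buf: bytes, pos: int):
    """Decode a CompactSize at buf[pos]; return (value, new_pos)."""
    n = buf[pos]
    if n < 0xfd:
        return n, pos + 1
    if n == 0xfd:
        return struct.unpack_from("<H", buf, pos + 1)[0], pos + 3
    if n == 0xfe:
        return struct.unpack_from("<I", buf, pos + 1)[0], pos + 5
    return struct.unpack_from("<Q", buf, pos + 1)[0], pos + 9


def push_data(data: bytes) -> bytes:
    """Smallest standard push opcode for `data` (direct push, PUSHDATA1 or PUSHDATA2)."""
    n = len(data)
    if n <= 75:
        return bytes([n]) + data
    if n <= 0xff:
        return bytes([OP_PUSHDATA1, n]) + data
    return bytes([OP_PUSHDATA2]) + struct.pack("<H", n) + data


def op_return_script(data: bytes) -> bytes:
    return bytes([OP_RETURN]) + push_data(data)


def build_legacy_tx(outputs) -> bytes:
    """Serialize a minimal legacy tx with one dummy input (constructed test data only)."""
    tx = struct.pack("<i", 1)                      # version
    tx += encode_varint(1)                         # input count
    tx += b"\x00" * 32 + struct.pack("<I", 0)      # dummy prev txid + vout
    tx += encode_varint(0)                         # empty scriptSig
    tx += struct.pack("<I", 0xffffffff)            # sequence
    tx += encode_varint(len(outputs))
    for value, script in outputs:
        tx += struct.pack("<q", value) + encode_varint(len(script)) + script
    tx += struct.pack("<I", 0)                     # locktime
    return tx


def parse_outputs(raw: bytes):
    """Return [(value_sats, scriptPubKey), ...]; handles legacy and segwit framing."""
    pos = 4                                        # skip version
    if raw[pos] == 0x00 and raw[pos + 1] == 0x01:  # segwit marker + flag
        pos += 2
    n_in, pos = read_varint(raw, pos)
    for _ in range(n_in):
        pos += 36                                  # prev txid + vout
        slen, pos = read_varint(raw, pos)
        pos += slen + 4                            # scriptSig + sequence
    n_out, pos = read_varint(raw, pos)
    outs = []
    for _ in range(n_out):
        value = struct.unpack_from("<q", raw, pos)[0]
        pos += 8
        slen, pos = read_varint(raw, pos)
        outs.append((value, raw[pos:pos + slen]))
        pos += slen
    return outs


def op_return_payload(script: bytes):
    """Pushed data of an OP_RETURN output, or None if the script is not one."""
    if not script or script[0] != OP_RETURN:
        return None
    if len(script) == 1:
        return b""
    op = script[1]
    if op <= 75:
        n, start = op, 2
    elif op == OP_PUSHDATA1:
        n, start = script[2], 3
    elif op == OP_PUSHDATA2:
        n, start = struct.unpack_from("<H", script, 2)[0], 4
    else:
        return None
    return script[start:start + n]


def electrum_scripthash(script: bytes) -> str:
    """Electrum-protocol key for an output script: sha256(script), byte-reversed, hex."""
    return hashlib.sha256(script).digest()[::-1].hex()


def extract_op_return_payloads(raw_tx: bytes):
    payloads = []
    for _, script in parse_outputs(raw_tx):
        data = op_return_payload(script)
        if data is not None:
            payloads.append(data)
    return payloads


# Constructed sample: one P2PKH output (fake pubkey hash) and one OP_RETURN output
# carrying an opaque blob. None of these values come from a real transaction.
P2PKH_SCRIPT = bytes.fromhex("76a914") + b"\x11" * 20 + bytes.fromhex("88ac")
SAMPLE_PAYLOAD = b"CONSTRUCTED-OPAQUE-PAYLOAD"
SAMPLE_TX = build_legacy_tx([(50_000, P2PKH_SCRIPT), (0, op_return_script(SAMPLE_PAYLOAD))])

if __name__ == "__main__":
    print("scripthash to watch:", electrum_scripthash(P2PKH_SCRIPT))
    for payload in extract_op_return_payloads(SAMPLE_TX):
        print("OP_RETURN payload:", payload)
```

The scripthash is the value an Electrum server expects in `blockchain.scripthash.get_history`, so a hardcoded string recovered from a sample can be matched against the hash of a candidate output script to confirm which address the malware is watching; the OP_RETURN extractor then isolates the bytes an analyst would feed to whatever decryption the sample implements.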
Tags: bitcoin, blockchain, news