Glupteba is a trojan horse malware that is one of the top ten malware variants of 2021. After infecting a system, the Glupteba malware can be used to deliver additional malware, steal user authentication information, and enroll the infected system in a cryptomining botnet.
Glupteba commonly infects computers by disguising itself as desirable software available for download. For example, a common infection method is to substitute Glupteba for a free download of cracked software. Alternatively, Glupteba is also commonly deployed by exploit kits.
Once installed on a computer, Glupteba provides the attacker with backdoor access to the infected machine. It uses the HTTPS protocol to communicate with its command and control (C2) servers, enabling it to protect its C2 data with encryption and to conceal it amongst legitimate C2 traffic.
By default, the malware has a few C2 servers that it communicates with. However, it also provides an unusual mechanism for the malware to identify backup C2 servers if the primary ones are unavailable.
On the Bitcoin blockchain, the attacker controls a few different accounts that include backup domains in their transactions. These domains are encrypted using AES 256 and a secret key embedded within the Glupteba malware binary. If the malware can’t reach its primary C2 servers, it can check the Bitcoin blockchain’s ledger for additional domains.
Some variants include the ability to spread laterally through an organization’s network using the EternalBlue exploit. This exploit was famously used by WannaCry and takes advantage of vulnerabilities in Microsoft SMBv1.
Glupteba is designed as modular malware, meaning that it can download and deploy code that implements various capabilities. Some of the most common malicious capabilities used by the Glupteba malware include:
As a modular malware variant, Glupteba can achieve various objectives on an infected computer. Some of the most common impacts of a Glupteba infection include:
Glupteba uses various means to infect a computer. Some security best practices that help to protect against Glupteba infections include:
Glupteba is a trojan malware that poses a significant threat to organizations. However, companies face various other cybersecurity threats as well. Learn more about Glupteba and other leading malware threats in Check Point’s 2022 Cyber Security Report.
Check Point’s Harmony Endpoint provides comprehensive protection against Glupteba and other major threats to corporate endpoint security. Learn more about Harmony Endpoint’s capabilities by signing up for a free demo.