A new variety of Glupteba malware recently discovered contains two additional components to the original functionalities of the Trojan: one of them is a payload that allows to take control of the browser, and the other is an exploit for the router, according to the written article. by researchers Jaromir Horejsi and Joseph Chen for Trend Micro.
The payload that takes control of the victim’s browser has the ability to steal the browsing history, cookies, and user account names along with their passwords; the browsers affected are Chrome, Opera and Yandex. For its part, the exploit for the router takes advantage of an old vulnerability that has already been resolved, MikroTik RouterOS, which allows remotely authenticated attackers to write various files. Executing the exploit would allow attackers to configure the router as a SOCKS proxy through which to route malicious traffic in order to hide its real IP.
However, what is worth mentioning is Glupteba’s new functionality for updating C&C. According to Trend Micro, the malware uses the discoverDomain function which “enumerates Electrum Bitcoin wallet servers using a public list, and then attempts to query the script’s blockchain hash history with an embedded hash. Subsequently, this command reveals all related transactions.
To keep computers and operating systems safe, download, install, update software, and browse the web carefully. Do not download files or programs with third-party downloaders (or install them with third-party installers), peer-to-peer networks, or other sources mentioned above.
Update installed software using implemented functions or tools created by official software developers. Files attached to irrelevant emails and sent from unknown suspicious addresses should not be opened. The same applies to web links. Installed programs should not be activated with third-party tools (cracking): these are illegal and often lead to the installation of malware in any case, this malware Glupteba must be uninstalled immediately or at least be protected against this threat.
Other topics:
Kuik Adware – A simple but dangerous Adware
Risks that we can find in programmatic advertising
[…] Check also:Kuik Adware – A simple but dangerous AdwareGlupteba is a Trojan that spreads via malicious ads […]