Cybersecurity firm Trend Micro has found that a ‘malvertising’ browser malware called Glupteba uses a Bitcoin script. While not entirely improbable considering Bitcoin is open-source, the discovery nonetheless surprised researchers.
Glupteba, a malware designed to be embedded in browsers, has been discovered to be operating off a Bitcoin-related script. Researchers at Trend Micro claim that this script is used to prevent the malware from being expunged from the internet.
The malware's purpose is to let its creator steal “browser history, website cookies, account names, and passwords from browsers.”
According to Trend Micro, the use of Bitcoin script allows the malware to reconnect even if it loses its original connection to its command and control (C&C) server. “If they lose control of a C&C server for any reason, they simply need to add a new Bitcoin script,” the firm writes. With this, a machine infected by the Glupteba malware can “obtain a new C&C server by decrypting the script data and reconnecting” through the Bitcoin script. In this way, Glupteba can never be permanently cut off from its operators' C&C infrastructure.
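To make the mechanism concrete from the defender's side, here is an added example (not code from Trend Micro or the article) that parses Bitcoin output scripts, pulls out any embedded data and flags payloads that look like opaque encrypted blobs rather than text. It assumes the "script data" is carried in an OP_RETURN output, the standard way to embed arbitrary bytes in a Bitcoin transaction; the article does not say which script form is used, and the sample scripts are constructed for illustration.

```python
"""Extract and triage data payloads from Bitcoin OP_RETURN output scripts."""
OP_RETURN = 0x6A
PUSHDATA_LEN = {0x4C: 1, 0x4D: 2, 0x4E: 4}   # OP_PUSHDATA1/2/4 length-prefix sizes


def parse_pushes(script: bytes) -> list:
    """Return every data push in a script; raise ValueError on a truncated push."""
    pushes, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 0x4B:                      # OP_PUSHBYTES_1..75: opcode is the size
            size = op
        elif op in PUSHDATA_LEN:                 # explicit little-endian length prefix
            hdr = PUSHDATA_LEN[op]
            if i + hdr > len(script):
                raise ValueError("truncated pushdata length")
            size = int.from_bytes(script[i:i + hdr], "little")
            i += hdr
        else:                                    # non-push opcode (OP_RETURN itself, etc.)
            continue
        if i + size > len(script):
            raise ValueError("truncated push")
        pushes.append(script[i:i + size])
        i += size
    return pushes


def op_return_payload(script_pubkey: bytes):
    """Return the embedded bytes if the output is OP_RETURN <data>, else None."""
    if not script_pubkey or script_pubkey[0] != OP_RETURN:
        return None
    return b"".join(parse_pushes(script_pubkey[1:]))


def flag_suspicious(script_pubkey: bytes, min_len: int = 20) -> bool:
    """Triage heuristic: a payload of at least min_len bytes that is mostly
    non-printable (an encrypted blob, as described in the article) is flagged."""
    data = op_return_payload(script_pubkey)
    if data is None or len(data) < min_len:
        return False
    printable = sum(32 <= b < 127 for b in data)
    return printable / len(data) < 0.8


# Constructed sample outputs (assumed, not real transactions): a plain text
# note, a P2PKH payment, and a 32-byte opaque blob.
SAMPLES = {
    "note": b"\x6a\x18" + b"https://example.invalid/",
    "p2pkh": b"\x76\xa9\x14" + bytes(20) + b"\x88\xac",
    "blob": b"\x6a\x20" + bytes(range(32)),
}


def scan(samples: dict) -> list:
    """Return the names of sample outputs whose payload warrants a closer look."""
    return [name for name, spk in samples.items() if flag_suspicious(spk)]
```

Running `scan(SAMPLES)` returns `['blob']`; in practice the same logic would be applied to outputs of transactions from addresses already tied to a campaign, so that a new C&C update is noticed when it is published rather than when infected hosts start using it.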
It’s currently unclear how many computers have been infected by the malware, but the number seems to be relatively small. However, the fear is that malware could, in the future, tap into decentralized networks to relay stolen information back to its creator. This would mean that networks like Bitcoin or Ethereum, for example, could inadvertently be used for scams.
Glupteba seems to be one of the first to exploit this kind of script, but we can likely expect copycats to come out of the woodwork as this malicious idea catches on.
Do you think that malware can exploit Bitcoin scripts to prevent itself from being expunged online? Do developers have a responsibility to patch against this? Let us know your thoughts in the comments down below.