A new malware, ‘Glupteba’, threatens the security of Windows systems. This stealthy malware stays hidden while it creates a backdoor on compromised Windows devices.
Glupteba Windows Malware
Researchers from Sophos Labs have discovered a new malware in the wild that targets Windows devices. Dubbed Glupteba, this Windows malware creates a backdoor on the target PCs in order to eventually add them to a botnet.
According to the researchers, Glupteba stands out because of its stealth properties. Specifically, the stealth lies in the malware dropper, which stays under the radar. This dropper then downloads and executes payloads that add to the overall malicious capabilities of the bot.
A key way in which Glupteba uses this stealth is for privilege escalation. This in turn lets the malware execute a rootkit that keeps any other malware at bay while compromising the target device’s security.
The malware may reach the device through various sources, such as pirated software, with the droppers posing as software installers. These droppers then execute malicious files in specific directories. To evade detection, the malware also stops any running processes related to Windows security.
After turning the infected machine into a bot, the malware uses this device to scan for further vulnerable devices. It can then launch the EternalBlue exploit to spread laterally across the network.
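The two weaknesses the article describes, disabled Windows security tooling and exposure to EternalBlue over SMBv1, can both be checked from the defender's side. The following PowerShell function is an added example, not code from the article or from the SophosLabs report; the function name `Test-GluptebaExposure` is our own, and the script assumes an elevated session on Windows 8 / Server 2012 or later, where the `SmbShare` and `Defender` modules are available. EternalBlue targets SMBv1 (the fix is Microsoft's MS17-010), so the check treats an enabled SMBv1 server as a finding.

```powershell
# Added example (not from the article or the SophosLabs report): read-only
# exposure check for the conditions the article describes. Run elevated.
function Test-GluptebaExposure {
    $findings = @()

    # 1. SMBv1 on the server side is what EternalBlue (MS17-010) targets.
    $smb = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($smb -and $smb.EnableSMB1Protocol) {
        $findings += 'SMBv1 server protocol is enabled; disable with: ' +
                     'Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
    }

    # 2. The SMB1Protocol optional feature being installed widens the attack surface
    #    even when the server setting above is off.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feature -and $feature.State -eq 'Enabled') {
        $findings += 'SMB1Protocol feature is installed; remove with: ' +
                     'Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol'
    }

    # 3. The article notes the dropper stops Windows security processes, so confirm
    #    the Defender service is running and real-time protection is on.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') {
        $findings += 'Windows Defender service (WinDefend) is not running'
    }
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($mp -and -not $mp.RealTimeProtectionEnabled) {
        $findings += 'Defender real-time protection is disabled'
    }

    # 4. Report. An empty list means none of the checked conditions were present;
    #    it is not proof that the host is clean.
    if ($findings.Count -eq 0) {
        Write-Output 'No findings: SMBv1 off, Defender running with real-time protection.'
    } else {
        $findings | ForEach-Object { Write-Output "FINDING: $_" }
    }
    return $findings
}

Test-GluptebaExposure
```

The function returns the list of findings as well as printing them, so it can be scheduled across a fleet and the results collected centrally; a host that reports SMBv1 enabled should be remediated before anything else, since that is the condition the article's lateral-spread step depends on.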
Detailed technical analysis of the malware is available in the researchers’ report.
Exploiting Bots For Cryptomining
According to Sophos Labs, Glupteba presently aims at cryptocurrency mining: it drops the XMRig miner as a payload on the bots.
Nonetheless, the way it creates the backdoor hints at many other ways the malware could exploit the infected machines.
The Glupteba malware campaign is active in the wild, showing a consistently growing number of infections since the beginning of this year.
Moreover, the threat actors behind Glupteba are continuously updating the malware with more advanced stealth functionality.
To prevent Glupteba infection, the researchers advise users to avoid pirated software. Users should buy licensed copies only from genuine vendors.
This precaution does not apply to pirated software only; users should remain very careful when downloading any programs, files, and apps from untrusted sources.