Google has taken action to disrupt a botnet that's infected 1 million devices, the company announced via blog post on Tuesday. Google also announced a lawsuit targeting the botnet's alleged operators.
A botnet generally refers to a network of computers that's taken over and controlled remotely by cybercriminals. Once the criminals have control, the computers can be used for a variety of illicit schemes, such as denial-of-service attacks.
The botnet is called Glupteba, and it has infected Windows machines around the world. Google detailed its steps against the Glupteba botnet in a separate post. Over the past year, Google's Threat Analysis Group worked with the company's CyberCrime Investigation Group to disrupt activity from the botnet that involved Google services.
"We've terminated around 63M Google Docs observed to have distributed Glupteba, 1,183 Google Accounts, 908 Cloud Projects and 870 Google Ads accounts associated with their distribution," TAG's Shane Huntley and Luca Nagy said in the blog post.
However, Glupteba's operators are using the bitcoin blockchain as a backup mechanism for the botnet. That means it's more difficult to get rid of the botnet for good. In its complaint, Google alleges that the Glupteba Enterprise engaged in criminal schemes, including stolen accounts, credit card fraud and cryptojacking, which involves hijacking a computer to use for cryptocurrency mining.
This year, over 2,600 instances of botnet command & control software were identified by Spamhaus Malware Labs, an international nonprofit that tracks spam and related cyber threats. That is an 82% increase over the roughly 1,400 botnets identified at the same time last year, which suggests a significant uptick in botnet activity during 2021.