Bitcoin’s blockchain has been hijacked by a new strain of the Glupteba malware that uses the network to resist attacks, cyber security researchers have warned.
The malware uses the bitcoin blockchain to update, meaning it can continue running even if a device’s antivirus software blocks its connection to servers run by the hackers, security intelligence blog Trend Micro reported this week.
The Glupteba malware, first discovered in December 2018, is distributed through advertising designed to spread viruses through scripts. It can steal an infected device’s browsing history, website cookies, and account names and passwords, and this particular variant was found to be targeting file-sharing websites.
However, according to researchers, the new version of the malware can also mine the privacy-specialized monero cryptocurrency and threaten the security of Instagram users’ accounts.
The malware uses the Electrum bitcoin wallet to send bitcoin transactions that the attackers use to gain access to systems.
“This technique makes it more convenient for the threat actor to replace command and control servers,” Trend Micro researchers wrote. A command and control server is the centralized computer that issues commands to a network of infected devices.
“If they lose control of a command and control server for any reason, they simply need to add a new bitcoin script and the infected machines obtain a new command and control server by decrypting the script data and reconnecting.”
It’s not the first time the bitcoin blockchain has been taken advantage of by criminals, with German researchers last year discovering child abuse imagery shared via the decentralized network.