Google is suing two Russian individuals it claims are behind a sophisticated botnet operation that has silently infiltrated more than 1 million Windows machines worldwide.
In a complaint filed in the U.S. District Court for the Southern District of New York, Google names Russian nationals Dmitry Starovikov and Alexander Filippov as the two main operators of the Glupteba botnet, citing Gmail and Google Workspace accounts they allegedly created to help them operate the criminal enterprise.
Google claims the defendants used the botnet network — which it describes as a “modern, borderless technological embodiment of organized crime” — for illicit purposes, including the theft and unauthorized use of Google users’ logins and account information. It’s demanding that Starovikov and Filippov pay damages and be permanently banned from using Google services.
The Glupteba botnet, which the tech giant has been tracking since 2020, has so far infected approximately 1 million Windows machines worldwide, according to Google, and is growing at a rate of thousands of new devices each day. Once a device has been infected — typically by tricking users into downloading malware via third-party “free download” sites — the botnet steals user credentials and data, secretly mines cryptocurrencies, and sets up proxies to funnel other people’s internet traffic through infected machines and routers.
“At any moment, the power of the Glupteba botnet could be used in a powerful ransomware attack or distributed denial of service attack,” Google
Google also notes in the complaint that the Glupteba botnet stands out from conventional botnets for its “technical sophistication,” using blockchain technology to protect itself from disruption.
As well as launching litigation against the so-called Glupteba botnet, the company’s Threat Analysis Group (TAG) — which has observed the botnet targeting victims in the U.S., India, Brazil, Vietnam and Southeast Asia — announced it has worked with internet hosting providers to disrupt the botnet’s key command and control (C2) infrastructure. This means its operators no longer have control of the botnet, though Google has warned that Glupteba could return because it uses blockchain technology as a resiliency mechanism.