Glupteba malware, an ambitious blockchain-enabled Trojan botnet, returned to the top-ten malware threat list in December 2022 for the first time since July 2022, moving into eighth place, according to Check Point Research's (CPR) Global Threat Index for December. Qbot, a sophisticated Trojan that steals banking credentials and keystrokes, overtook Emotet to be the most prevalent malware after its return last month, impacting 7% of organizations worldwide. Meanwhile, android malware Hiddad made a comeback among two other mobile malwares. And, in December, the education/research sector remained the most attacked industry globally, followed by government/military and then healthcare.
Although Google managed to cause major disruption to Glupteba operations in December 2021, it seems to have sprung back into action. As a modular malware variant, Glupteba can achieve various objectives on an infected computer. The botnet is often used as a downloader and dropper for other malware. This means that a Glupteba infection could lead to a ransomware infection, data breach or other security incident. Glupteba is also designed to steal user credentials and session cookies from infected machines. This authentication data can be used to gain access to a user’s online accounts or other systems, enabling the attacker to steal sensitive data or take other action using these compromised accounts. Finally, the malware is commonly used to deploy cryptomining functions on its target, draining a computer’s resources by using them to mine blocks.