Share this article
Google Sues to Shutter Cryptojacking Botnet That Infected 1M+ Computers
The botnet used the Bitcoin blockchain to evade cybersecurity officials and remain online, Google alleged.
Updated May 11, 2023, 7:03 p.m. Published Dec 7, 2021, 10:27 p.m.
Google on Tuesday moved to shut down a sophisticated cryptojacking botnet that used the Bitcoin blockchain to evade cybersecurity officials.
Known as “Glupteba,” the botnet has infected more than 1 million machines worldwide, Google said in a civil complaint filed Tuesday against Dmitry Staroviko and Alexander Filippov, as well as 15 unknown individuals. Google alleged the defendants utilized this botnet to mine cryptocurrencies on victims’ computers, steal victims’ account information to sell to third parties, purchase goods and services using credit cards with insufficient funds and sell access to compromised machines to third parties.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
Moreover, the botnet itself leveraged blockchain technology in a unique manner as an effort to secure it against traditional tools meant to disrupt these types of malicious activities. It effectively turned Bitcoin’s decentralization into an asset that made it “much harder to shut down,” Google executives wrote in a blog post.
The botnet weaponized the Bitcoin blockchain, according to Chainalysis, which said it helped Google’s investigation. By embedding command-and-control server addresses in the blockchain and then having the botnet turn to that data whenever an infected server was shuttered, it stays a step ahead of the cybersecurity whack-a-mole.
“This is the first known case of a botnet using this approach,” representatives for Chainalusis said in an email.
Google’s complaint went into more detail, saying that the “Glupteba Enterprise,” the entity controlled by the defendants, would use this method to direct the malware to new servers.
The botnet looked at three specific bitcoin addresses, according to a Google blog post.
Google said that while it has already taken some action to disrupt the botnet, the fact that it uses the Bitcoin blockchain means the operators can resurrect the network at any time.
“The Glupteba botnet cannot be eradicated entirely without neutralizing its blockchain-based infrastructure,” the complaint said.
Google filed fraud and racketeering allegations against the defendants in its suit.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Pye Finance Raises $5M Seed Round Led by Variant and Coinbase Ventures
The platform aims to make locked Solana staking positions tradable via an onchain marketplace.
What to know:
- Pye Finance raised a $5 million seed round led by Variant and Coinbase Ventures, with participation from Solana Labs, Nascent and Gemini.
- The startup is building an onchain marketplace on Solana for time-locked staking positions that can be traded.
- Pye says the product targets Solana’s large pool of staked SOL, worth roughly $75 billion, and aims to give validators and stakers more flexibility over terms and reward flows.
Top Stories
