Google disrupts the CryptBot info-stealing malware operation

Google is taking down malware infrastructure linked to the Cryptbot info stealer after suing those using it to infect Google Chrome users and steal their data.

The lawsuit targets Cryptbot’s infrastructure and distribution network, whose disruption would help decrease the number of victims having their sensitive information stolen using the malware.

“Yesterday, a federal judge in the Southern District of New York unsealed our civil action against the malware distributors of Cryptbot, which we estimate infected approximately 670,000 computers this past year and targeted users of Google Chrome to steal their data,” the Head of Litigation Advance Mike Trinh and Threat Analysis Group’s Pierre-Marc Bureau .

“We’re targeting the distributors who are paid to spread malware broadly for users to download and install, which subsequently infects machines and steals user data.”

To hinder the spread of CryptBot, the court has granted Google a temporary restraining order which allows the company to disrupt the distributors and their infrastructure. 

The court empowers Google to take down domains associated with CryptBot distribution (active and that will be registered after the order is issued), thus helping curb the number of new infections and decelerating the malware network’s growth.

“To hamper the spread of CryptBot, the court has granted a temporary restraining order to bolster our ongoing technical disruption efforts against the distributors and their infrastructure,” Trinh and Bureau said.

“The court order allows us to take down current and future domains that are tied to the distribution of CryptBot.”

What is CryptBot

CryptBot info stealer is a Windows malware designed to steal sensitive information from victims’ computers. This info can include login credentials, credit card information, and other personal or financial data that can be used for various fraudulent purposes.

After the malware infects a device, it silently harvests data and sends it back to the command and control (C2) server without the victims’ knowledge. 

The data stolen by CryptBot can be used for various criminal activities, including identity theft, financial fraud, as well as gaining unauthorized access to accounts and systems.

“Recent CryptBot versions have been designed to specifically target users of Google Chrome, which is where Google’s CyberCrimes Investigations Group (CCIG) and Threat Analysis Group (TAG) teams worked to identify the distributors, investigate and take action,” Google said.

The company also  in December 2021 after the blockchain-enabled and modular malware infected more than one million Windows devices worldwide since 2011.

As revealed in November 2022, Google TAG  in Glupteba infections despite  after the initial disruption action.