
Google disrupts CryptBot malware distribution with court order

Google announced on Wednesday that it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called CryptBot. The tech giant's Mike Trinh and Pierre-Marc Bureau said the efforts are part of the steps it takes to "not only hold criminal operators of malware accountable, but also those who profit from its distribution."

CryptBot is estimated to have infected over 670,000 computers with the goal of stealing sensitive data such as authentication credentials, social media account logins, and cryptocurrency wallets from users of Google Chrome. The harvested data is exfiltrated to the threat actors, who then sell it to other attackers for use in data breach campaigns.

CryptBot was first discovered in the wild in December 2019. The malware has traditionally been delivered via maliciously modified versions of legitimate and popular software packages, such as Google Earth Pro and Google Chrome, that are hosted on fake websites. What's more, a CryptBot campaign unearthed by Red Canary in December 2021 entailed the use of KMSPico, an unofficial tool used to illegally activate Microsoft Office and Windows without a license key, as a delivery vector. Then in March 2022, BlackBerry disclosed details of a new and improved version of the infostealer that was distributed via compromised pirate sites that purport to offer "cracked" versions of various software and video games.

This is a huge problem for a few reasons. First, people's personal data is being stolen. This includes things like social media login information, banking information, and more. Second, the people behind this malware are making money off of it by selling the data they've stolen to other criminals. This is a huge security risk for everyone involved. Finally, this malware is getting more sophisticated. It's being delivered via fake websites and even unofficial tools.

This makes it hard to protect yourself. If you're using a Windows computer, you need to be extra careful. Make sure you only download software from official sources. Be careful when clicking on links, even if they look legitimate. And if you think you might have been infected, reach out to a professional for help.

