Google Takedown All CryptBot Malware Domains

Google has taken down the infrastructure associated with CryptBot malware, which has been accused of stealing data from around 670K users’ browsers over the last year alone.

CryptBot is a type of malicious information-stealing malware first discovered in 2019. The malware is usually distributed via spoofed websites that pose as legitimate software sites offering free downloads. Once installed, CryptBot steals sensitive information from infected computers, such as passwords, cookies, cryptocurrency wallets, and credit card information.

In a recent blog post, Google revealed that malware spread through maliciously modified apps, including Google Chrome and Google Earth Pro. Over the past year, CryptBot compromised roughly 670,000 computers to steal sensitive data that was later sold to malicious actors for use in data breach campaigns.

According to Google, the company has been monitoring recent versions of CryptBot that were impersonating its browser and mapping software. Through its investigation, Google identified the malware’s distributors based in Pakistan and took appropriate action to disrupt their operations.

To combat the malware’s distribution, Google filed a legal complaint against several CryptBot’s major distributors. The tech giant confirmed on Wednesday that it obtained a temporary court order restricting the developers’ capability to spread the info stealer malware.

The order, granted by a federal judge in the Southern District of New York, enables Google to take down current and future domains linked to the distribution of CryptBot malware. This development marks a significant milestone in the fight against CryptBot and highlights the importance of collaboration between the private sector and law enforcement to combat cybercrime.

In a recent blog post, Google stated that its actions against CryptBot’s distributors would slow the occurrence of new infections and decelerate the malware’s growth. The tech giant believes that lawsuits establish legal precedents and put those profiting from cybercrime and others within the same criminal ecosystem under scrutiny. Therefore, the litigation against CryptBot’s distributors is a significant step forward in holding cybercriminals accountable.

Google’s disruption of CryptBot follows its legal action against two alleged operators of the Russia-based Glupteba botnet earlier this year. The tech giant accused the botnet of stealing login credentials and account information from Google users.

As a result of Google’s disruption efforts, the company observed a 78% reduction in Glupteba infections. This success reinforces the importance of coordinated efforts between the private sector and law enforcement to combat cybercrime and protect internet users worldwide.

Related Stories: