Google: Tales from the Crypt(Bot infostealer).
Apr 27, 2023

After the CryptBot infostealer began targeting Google Chrome users, Google obtained a court order allowing it to disrupt the hackers’ operations.

Google blogged yesterday explaining steps they’re taking to disrupt the CryptBot malware gang’s infrastructure after securing a court order against the malware’s operators. 

Google targets the distributors of the malware.

The tech giant has filed litigation against the CryptBot distributors, who it believes operate out of Pakistan and run what it calls a “worldwide criminal enterprise.” The legal complaint Google filed is based on multiple claims, which include “computer fraud and abuse and trademark infringement.” The company has been granted a temporary restraining order, Bleeping Computer reports, that allows it to take down domains linked to the malware, both now and in the future. Google says that this will hinder CryptBot’s growth and decelerate the infection rate (which Google estimated at about 670,000 last year). “Lawsuits have the effect of establishing both legal precedent and putting those profiting, and others who are in the same criminal ecosystem, under scrutiny.”

About the CryptBot malware.

The CryptBot infostealer was first observed in 2019 and has a history of data stealing, Decipher reports. CryptBot is distributed via cracked versions of legitimate software, such as Google Earth Pro or Chrome. The malware has been observed stealing social media credentials, browser credentials and history, credit card information, and the like. The data is then sold to hackers attempting to use the information in a data breach campaign. This action against CryptBot follows legal action by Google in 2021 against the Glupteba botnet, TechCrunch reports, which was said to reduce Glupteba infections by 78%.