Google Gets Court Order to Take Down CryptBot

Google has obtained a court order to disrupt the distribution of a Windows-based information-stealing malware called CryptBot, which is estimated to have infected over 670,000 computers in 2022.

The malware steals sensitive data such as authentication credentials, social media account logins, and cryptocurrency wallet information from users of Google Chrome. The harvested data is then sold to other attackers for use in data breach campaigns. CryptBot was first observed in the wild in December 2019 and is typically delivered through maliciously modified versions of legitimate, popular software packages, such as Google Earth Pro and Google Chrome, hosted on look-alike websites.

In March 2022, BlackBerry disclosed details of a new and improved version of the infostealer that was distributed through pirate sites purporting to offer “cracked” versions of various software and video games. Google suspects that the major distributors of CryptBot are operating a “worldwide criminal enterprise” based out of Pakistan.

As a result, the court order granted by a federal judge in the Southern District of New York will be used to “take down current and future domains that are tied to the distribution of CryptBot,” thereby reducing the spread of new infections.

To reduce exposure to threats of this kind, download software only from the vendor’s official site or other well-known, trusted sources, verify the installer’s digital signature or published checksum where the vendor provides one, treat “cracked” software and key generators as hostile, read reviews critically, and keep the operating system and installed software up to date.

This disclosure comes after Microsoft, Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) obtained a court order to dismantle servers hosting cracked, legacy copies of Cobalt Strike in order to curb the tool’s abuse by threat actors. It also follows Google’s December 2021 effort to shut down the command-and-control infrastructure of the Glupteba botnet; that malware nonetheless resurfaced six months later as part of an “upscaled” campaign.

The court order obtained by Google is a meaningful step toward disrupting CryptBot’s distribution and holding those who profit from it accountable. As the Glupteba case shows, however, infrastructure takedowns are rarely permanent, so continued vigilance and adherence to basic software hygiene remain necessary to limit the risk posed by malware of this kind.