Google obtained a temporary court order against CryptBot distributors

April 28, 2023  By Pierluigi Paganini


Google obtained a temporary court order in the U.S. to disrupt the operations of the CryptBot information stealer.

Google announced that a federal judge in the Southern District of New York unsealed its civil action against the operators of the information stealer Cryptbot.

The IT giant obtained a temporary court order in the U.S. to disrupt the operations of the CryptBot malware, which experts estimate infected approximately 670,000 computers this past year.

Google targeted the distributors of the malware who are paid to spread and deliver the malicious code and infect a larger number of systems as possible.

“Cybercriminals often operate like businesses, specializing in a particular function, and partner with other criminal specialists to profit off harm to innocent users. This lawsuit targeting Cryptbot’s malware distributors shows our commitment to protecting users from each level of the cybercriminal ecosystem.” reads the announcement published by Google.

CryptBot malware is active since at least 2019, it allows operators to steal sensitive data from the Google Chrome of the infected systems. The malware allows operators to steal login credentials from popular services such as social media platforms and cryptocurrency wallets, then stolen data is sold on cybercrime forums by the operators.

CryptBot distributors spread the malware through modified versions of legitimate software such as Google Earth Pro and Google Chrome. Recent CryptBot versions specifically target Google Chrome users.

Google believes that many CryptBot’s major distributors are based in Pakistan and operate on a global scale.

“The legal complaint is based on a variety of claims, including computer fraud and abuse and trademark infringement. To hamper the spread of CryptBot, the court has granted a temporary restraining order to bolster our ongoing technical disruption efforts against the distributors and their infrastructure.” continues the announcement. “The court order allows us to take down current and future domains that are tied to the distribution of CryptBot.”

Google hopes that this court order will allow it to decelerate the growth of CryptBot.

To prevent infections from malware like Cryptbot, Cybercrime Support Network recommends users to

  • Download from well-known and trusted sources.
  • Before downloading any software, do research on the product, and read reviews from others who have already downloaded and used the software.
  • Keep your operating system and software up-to-date.

“This litigation is another step forward in holding cybercriminals accountable, by not just targeting those that operate botnets, but also those that profit from malware distribution.” concludes the announcemebt. “With these, and future actions, we look forward to continuing our ongoing commitment to help protect the safety of online users.”

In December 2021, Google announced it has taken down the infrastructure operated by the Glupteba botnet, it also sued Russian nationals Dmitry Starovikov and Alexander Filippov for creating and operating the botnet.

The blockchain-enabled botnet has been active since at least 2011, researchers estimated that the Glupteba botnet was composed of more than 1 million Windows PCs around the world as of December 2021.

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers.

The operators behind the botnet, however, recovered their operations in June 2022 and launched a new campaign after the Google lawsuit.

Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

  • The Teacher – Most Educational Blog
  • The Entertainer – Most Entertaining Blog
  • The Tech Whizz – Best Technical Blog
  • Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, malware)



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

Researchers found the first Linux variant of the RTM locker

 RTM ransomware-as-a-service (RaaS) started offering locker ransomware that targets Linux, NAS, and ESXi systems. The Uptycs...