Google obtained a temporary court order against CryptBot distributors

Google obtained a temporary court order in the U.S. to disrupt the operations of the CryptBot information stealer.

Google announced that a federal judge in the Southern District of New York unsealed its civil action against the operators of the information stealer Cryptbot.

The IT giant obtained a temporary court order in the U.S. to disrupt the operations of the CryptBot malware, which experts estimate infected approximately 670,000 computers this past year.

Google targeted the distributors of the malware who are paid to spread and deliver the malicious code and infect a larger number of systems as possible.

“Cybercriminals often operate like businesses, specializing in a particular function, and partner with other criminal specialists to profit off harm to innocent users. This lawsuit targeting Cryptbot’s malware distributors shows our commitment to protecting users from each level of the cybercriminal ecosystem.” reads the announcement published by Google.

CryptBot malware is active since at least 2019, it allows operators to steal sensitive data from the Google Chrome of the infected systems. The malware allows operators to steal login credentials from popular services such as social media platforms and cryptocurrency wallets, then stolen data is sold on cybercrime forums by the operators.

CryptBot distributors spread the malware through modified versions of legitimate software such as Google Earth Pro and Google Chrome. Recent CryptBot versions specifically target Google Chrome users.

Google believes that many CryptBot’s major distributors are based in Pakistan and operate on a global scale.

“The legal complaint is based on a variety of claims, including computer fraud and abuse and trademark infringement. To hamper the spread of CryptBot, the court has granted a temporary restraining order to bolster our ongoing technical disruption efforts against the distributors and their infrastructure.” continues the announcement. “The court order allows us to take down current and future domains that are tied to the distribution of CryptBot.”

Google hopes that this court order will allow it to decelerate the growth of CryptBot.

To prevent infections from malware like Cryptbot, Cybercrime Support Network recommends users to

• Download from well-known and trusted sources.
• Before downloading any software, do research on the product, and read reviews from others who have already downloaded and used the software.
• Keep your operating system and software up-to-date.

“This litigation is another step forward in holding cybercriminals accountable, by not just targeting those that operate botnets, but also those that profit from malware distribution.” concludes the announcemebt. “With these, and future actions, we look forward to continuing our ongoing commitment to help protect the safety of online users.”

In December 2021, Google announced it has taken down the infrastructure operated by the Glupteba botnet, it also sued Russian nationals Dmitry Starovikov and Alexander Filippov for creating and operating the botnet.

The blockchain-enabled botnet has been active since at least 2011, researchers estimated that the Glupteba botnet was composed of more than 1 million Windows PCs around the world as of December 2021.

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers.

The operators behind the botnet, however, recovered their operations in June 2022 and launched a new campaign after the Google lawsuit.

Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

• The Teacher – Most Educational Blog
• The Entertainer – Most Entertaining Blog
• The Tech Whizz – Best Technical Blog
• Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, malware)