April 28, 2023

Google has received a temporary court order in the United States to halt the circulation of CryptBot, a Windows-based spyware that steals information.

According to Google’s Mike Trinh and Pierre-Marc Bureau, the measures are part of attempts to hold not just the criminal operators of malware responsible, but also those who benefit from its propagation.

CryptBot, identified in December 2019, affected approximately 670,000 machines by 2022, and has historically been spread via maliciously modified versions of legal software packages such as Google Earth Pro and Google Chrome housed on bogus websites. It aims to steal sensitive data such as authentication credentials, social media account logins, and cryptocurrency wallets from users of Google Chrome.

The information is subsequently distributed to other attackers for use in data breach efforts. Google wants to use the court order issued by a federal judge in the Southern District of New York to take down current and future domains associated with CryptBot distribution.

The primary CryptBot distributors are accused of running a “global criminal enterprise” out of Pakistan. Experts suggested downloading software only from well-known and reliable sources, analyzing reviews, and ensuring that the device’s operating system and software are maintained up to date to limit the hazards posed by such attacks.

The publication comes on the heels of Google’s efforts to take down the command-and-control infrastructure linked with the Glupteba botnet in December 2021.

The sources for this piece include an article in TheHackerNews.