Google is taking down malware infrastructure linked to the CryptBot information stealer after suing those who use it to infect Google Chrome users and steal their data.
The lawsuit targets CryptBot's infrastructure and distribution network; disrupting them would help reduce the number of victims whose sensitive information is stolen by the malware.
“Yesterday, a federal judge in the Southern District of New York uncovered our civil action against CryptBot malware distributors, which we believe infected approximately 670,000 computers last year and targeted Google Chrome users to steal their data,” said Mike Trinh, the litigation manager, and Pierre-Marc Bureau of the Threat Analysis Group.
“We target distributors who are paid to widely distribute malware that users download and install, which then infects machines and steals user data.”
To prevent the spread of CryptBot, the court granted Google a temporary restraining order that allows the company to disrupt distributors and their infrastructure.
The court allows Google to remove domains associated with CryptBot distribution (both those currently active and those registered after the order is issued), helping to reduce new infections and slow the growth of the malware network.
“To hinder the spread of CryptBot, the court granted a temporary restraining order to bolster our ongoing technical disruption efforts against distributors and their infrastructure,” Trinh and Bureau said.
“The court order allows us to remove current and future domains related to the distribution of CryptBot.”
What is CryptBot
The CryptBot information stealer is Windows malware designed to steal sensitive information from victims’ computers. This information may include login credentials, credit card information, and other personal or financial data that can be used for various fraudulent purposes.
Once the malware infects a device, it silently collects data and sends it back to the command and control (C2) server without the knowledge of the victims.
Data stolen by CryptBot can be used for various criminal activities, including identity theft, financial fraud, as well as unauthorized access to accounts and systems.
“Recent versions of CryptBot were designed to specifically target Google Chrome users, where teams from Google’s CyberCrimes Investigations Group (CCIG) and Threat Analysis Group (TAG) worked to identify distributors, investigate and take action,” Google said.
The company also filed a lawsuit in December 2021 to disrupt the Glupteba botnet, after the modular, blockchain-enabled malware had infected more than one million Windows devices worldwide since 2011.