Google Takes Down CryptBot: Over 670K Computers Infected

April 27, 2023

On Wednesday, Google announced that it had obtained a temporary court order in the US to disrupt the distribution of malware named CryptBot. The spyware collects private information from Google Chrome users, including login information for social networking accounts, digital currency accounts, and authentication details.

CryptBot infected more than 670k PCs in 2022, and the stolen data was traded to other hackers for use in their own hacking activities. Under the court order, Google plans to take down all active and prospective sites connected to the distribution of CryptBot.

Mike Trinh and Pierre-Marc Bureau from Google stated that the tech giant is taking action against both the individuals who profit from the spread of the malware and the illicit operators responsible for it. CryptBot, initially identified in December 2019, spreads through maliciously modified versions of well-known software programs like Google Earth Pro and Google Chrome that are hosted on bogus websites.

The infection has been spread through compromised piracy websites that offer “cracked” versions of various programs and video games.

In December 2021, Red Canary discovered a CryptBot campaign that used KMSPico, an unofficial tool to activate Microsoft Office and Windows without a license key, as a delivery vector. In March 2022, BlackBerry reported an updated version of the info stealer being distributed via compromised piracy websites. Google believes that the major CryptBot distributors are running a worldwide criminal enterprise out of Pakistan.

To minimize the risk of such attacks, users are encouraged to download applications only from trustworthy websites, read reviews carefully, and keep both the software and the OS on their devices up to date.

The disclosure from Google comes after Microsoft, Fortra, and Health-ISAC took legal action to dismantle servers hosting illegal copies of Cobalt Strike to prevent the tool’s abuse by threat actors. In December 2021, Google disrupted the command-and-control infrastructure linked to the Glupteba botnet. However, the malware returned six months later with an “upscaled” campaign.

Saher Mahmood
