On Wednesday, Google announced that it had obtained a temporary court order in the US to disrupt the distribution of the malware known as CryptBot. The spyware collects private information from Google Chrome users, including login credentials for social networking accounts, cryptocurrency accounts, and other authentication details.
More than 670k PCs were infected by CryptBot in 2022, and the stolen data was sold to other hackers for use in further attacks. Under the court order, Google plans to take down all current and future sites connected to the distribution of CryptBot.
Mike Trinh and Pierre-Marc Bureau from Google stated that the tech giant is taking action to punish individuals who profit from the spread of ransomware and to hold its illicit operators responsible. CryptBot, first identified in December 2019, spreads through deliberately altered versions of well-known software programs such as Google Earth Pro and Google Chrome that are hosted on bogus websites.
The infection has been spread through compromised piracy websites that offer “cracked” editions of various programs and video games.
In December 2021, Red Canary discovered a CryptBot campaign that used KMSPico, an unofficial tool for activating Microsoft Office and Windows without a license key, as a delivery vector. In March 2022, BlackBerry also reported an updated version of the info stealer being distributed via compromised piracy websites. Google believes that the main CryptBot distributors are running a global criminal operation out of Pakistan.
Users are encouraged to download applications only from trustworthy websites, read reviews carefully, and keep both their software and their device’s OS updated to minimize the risk of such attacks. Google’s disclosure comes after Microsoft, Fortra, and Health-ISAC used legal action to take down servers hosting illegal copies of Cobalt Strike in order to prevent the tool’s abuse by threat actors. In December 2021, Google disrupted the command-and-control infrastructure linked to the Glupteba botnet; however, the botnet returned six months later with an “upscaled” campaign.