Google Takes Down CryptBot: Over 670K Computers Infected

Reading Time: ( Word Count: )

April 27, 2023
Nextdoorsec-course

On Wednesday, Google announced that it had obtained a temporary court order in the US to disrupt the malware distribution named CryptBot. The spyware collects private information from Google Chrome users, including login information for social networking accounts, digital currency accounts, and authentication details. 

More than 670k PCs were attacked by CryptBot in 2022, and the captured data was traded to different hackers for use in hacking activities. By court order, Google plans to remove all active and prospective sites connected to the dissemination of CryptBot.

Mike Trinh and Pierre-Marc Bureau from Google stated that the tech giant is taking action to punish individuals who gain from the spread of ransomware and its illicit owners responsible. CryptBot, initially identified in December 2019, spreads by deliberately altered versions of well-known software programs like Google Earth Pro and Google Chrome that are stored on bogus websites.

Also Read: “Chinese Hackers Expand Targets with PingPull Linux Variant: Financial and Government Entities at Risk”

The infection has been spread through hacked thief websites that provide “cracked” editions of several programs and video games.

In December 2021, Red Canary discovered a CryptBot campaign that used KMSPico, an unofficial tool to activate Microsoft Office and Windows without a license key, as a delivery vector. BlackBerry also updated and released the harmful info stealer in March 2022 via hacked piracy websites. Google believes that the leading CryptBot dealers are conducting a global criminal organization out of Pakistan.

Users are encouraged to only download applications from trustworthy websites, carefully read feedback, and ensure that both the software and the OS on their device are updated to minimize the dangers of such attacks. The disclosure from Google comes after Microsoft, Fortra, and Health-ISAC legally dismantled servers hosting illegal copies of Cobalt Strike to prevent the tool’s abuse by threat actors. In December 2021, Google replaced the order-and-control system linked to the Glupteba botnet. However, the virus returned six months later with an “upscaled” assault. 

Saher Mahmood

Saher Mahmood

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

Automated vs Manual Penetration Testing

Automated vs Manual Penetration Testing

Pentesting is largely divided into two methodologies: Automated vs Manual Penetration Testing. Both have ...
8 Steps in Penetration Testing You Should Know

8 Steps in Penetration Testing You Should Know

Mastering the art of penetration testing has become a critical ability for security experts to combat cyber ...
Spear Phishing vs Whaling: What is the Difference

Spear Phishing vs Whaling: What is the Difference

Spear phishing is a particularly devious type of phishing assault in which the individual targeted plays a ...
How Often Should Penetration Testing Be Done

How Often Should Penetration Testing Be Done

Penetration testing is a crucial technique that involves simulating a cyberattack on networks, computer systems, ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *