Google has disrupted infrastructure linked to the notorious CryptBot malware, which the company claims has stolen data from hundreds of thousands of browser users in the past year alone.
CryptBot is an information-stealing malware family first identified in 2019. It is typically distributed through spoofed websites that masquerade as legitimate software download sites offering free downloads. Once installed, the infostealer harvests sensitive data from the infected computer, including saved passwords, browser cookies, cryptocurrency wallet data and credit card information.
In a blog post, Google said it observed the malware spreading through maliciously modified versions of its own software, including trojanized installers for Google Chrome and Google Earth Pro. Over the last 12 months, Google says, CryptBot compromised about 670,000 computers to steal sensitive information that is “eventually sold to bad actors to use in data breach campaigns.”
Google said it tracked recent CryptBot versions impersonating its browser and mapping software, worked to identify the malware’s Pakistan-based distributors, and took action.
After filing a legal complaint against several of CryptBot’s major distributors, the tech giant confirmed Wednesday that it had secured a temporary court order to hamper the distributors’ ability to spread the infostealer.
The order, granted by a federal judge in the Southern District of New York, allows Google to take down current and future domains that are linked to the distribution of the CryptBot malware.
“This will slow new infections from occurring and decelerate the growth of CryptBot,” the technology giant said in a blog post. “Lawsuits have the effect of establishing both legal precedent and putting those profiting, and others who are in the same criminal ecosystem, under scrutiny. This litigation is another step forward in holding cybercriminals accountable, by not just targeting those that operate botnets, but also those that profit from malware distribution.”
Google’s disruption of CryptBot comes after the company took legal action in 2021 against the two alleged operators of the Russia-based Glupteba botnet, which the company said was used to steal Google users’ logins and account information.
As a result of its disruption efforts, Google said it observed a 78% reduction in Glupteba infections.