Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers

April 27, 2023 | Ravie Lakshmanan | botnet / cybercrime


Google announced Wednesday that it has obtained a temporary court order in the United States to block the distribution and “slow down” the growth of a Windows-based information-stealing malware called CryptBot.

Google's Mike Trinh and Pierre-Marc Bureau said the effort is part of a move to "not only hold malware criminals accountable, but also hold accountable those who profit from the distribution of malware."

CryptBot is estimated to have infected over 670,000 computers in 2022 and aims to steal sensitive data such as authentication credentials, social media account logins and cryptocurrency wallets from Google Chrome users.

The collected data is exfiltrated to the attackers, who sell it on to other threat actors for use in data breach campaigns. CryptBot was first discovered in December 2019.

This malware has traditionally been distributed via maliciously modified versions of legitimate popular software packages such as Google Earth Pro and Google Chrome hosted on fake websites.

Additionally, a CryptBot campaign discovered by Red Canary in December 2021 used KMSPico, an unofficial tool for illegally activating Microsoft Office and Windows without a license key, as a delivery vector.


Then, in March 2022, BlackBerry disclosed details of a new and improved version of the infostealer, distributed via compromised pirate sites purporting to offer "cracked" versions of various software and video games.

According to Google, CryptBot’s main distributor is suspected of running a “global criminal enterprise” based in Pakistan.

Google said it intends to use the court order, issued by a federal judge in the Southern District of New York, to "remove current and future domains associated with the distribution of CryptBot" and stem the spread of new infections.


To reduce the risk posed by such threats, it is recommended to download software only from well-known and trusted sources, scrutinize reviews, and ensure that the device's operating system and software are kept up to date.
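Because CryptBot spreads through modified copies of legitimate installers, "download only from trusted sources" in practice means checking that what arrived on disk is byte-for-byte what the publisher released. The following is an added example, not code from the article or from Google: it verifies downloaded files against a `sha256sum`-style manifest, which is assumed to have been obtained over a trusted channel (for instance the vendor's HTTPS site) separately from the downloads themselves. File names and hashes in the demo are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large installers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Parse 'sha256sum'-style lines ('<64 hex chars>  <filename>') into {filename: digest}.

    Blank lines, comments and malformed lines are skipped; a leading '*' on the
    filename (sha256sum's binary-mode marker) is dropped.
    """
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            continue
        digest, name = parts
        try:
            int(digest, 16)
        except ValueError:
            continue
        expected[name.lstrip("*")] = digest.lower()
    return expected


def verify_downloads(directory, manifest_text):
    """Return {filename: 'ok' | 'mismatch' | 'missing'} for every entry in the manifest.

    A 'mismatch' means the file on disk is not what the publisher hashed, which is
    exactly the symptom of a trojanized installer swapped in by a fake download site.
    """
    expected = parse_manifest(manifest_text)
    results = {}
    for name, digest in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        actual = sha256_of_file(path)
        # constant-time comparison; cheap insurance even though digests are public
        results[name] = "ok" if hmac.compare_digest(actual, digest) else "mismatch"
    return results


def demo():
    """Constructed sample: one genuine file, one file altered after the manifest was published,
    and one manifest entry with no corresponding download."""
    with tempfile.TemporaryDirectory() as d:
        genuine = b"genuine installer bytes"          # constructed content
        original_chrome = b"original chrome installer"  # what the vendor hashed
        with open(os.path.join(d, "GoogleEarthProSetup.exe"), "wb") as f:
            f.write(genuine)
        with open(os.path.join(d, "ChromeSetup.exe"), "wb") as f:
            f.write(b"tampered installer bytes")       # does not match the manifest
        manifest = (
            "# constructed vendor manifest\n"
            f"{hashlib.sha256(genuine).hexdigest()}  GoogleEarthProSetup.exe\n"
            f"{hashlib.sha256(original_chrome).hexdigest()}  *ChromeSetup.exe\n"
            f"{'0' * 64}  NotDownloaded.msi\n"
            "not a valid line\n"
        )
        return verify_downloads(d, manifest)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9s} {name}")
```

A hash check only proves the download matches what the manifest author published, so the manifest must come from the real vendor and not from the same untrusted page as the installer; on Windows, checking the Authenticode signature and signer name of the installer is the complementary check.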

The disclosure comes several weeks after Microsoft, Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) joined forces in a legal action to dismantle servers hosting illegal legacy copies of Cobalt Strike and prevent threat actors from abusing the tool.

It also follows Google's efforts to shut down the command-and-control infrastructure of a botnet called Glupteba in December 2021; the malware nonetheless resurfaced six months later as part of an "expansion" campaign.
