Google to take down malware operation that stole users’ personal data

Google has been given a go-ahead to take down malware infrastructure linked to the Cryptbot malware that was used to steal users’ personal information. Google estimated that the malware has infected approximately 670,000 computers this past year and targeted users of Google Chrome to steal their data.

The company is targeting the distributors who are paid to spread malware broadly for users to download and install, which infects machines and steals user data.

What is Cryptbot?
CryptBot is a type of malware that is often referred to as an “infostealer”. The malware has been designed to identify and steal sensitive information, such as authentication credentials, social media account logins, cryptocurrency wallets, and more, from victims’ computers.

Read Also

Google explained that CryptBot sends the stolen data to be harvested and eventually sold to bad actors to use in data breach campaigns.

How is Cryptbot distributed?
The malware distributors offer modified versions of many software packages, including Google Earth Pro and Google Chrome. Users then download and install these software, without realising that it is a malicious software intended to infect their machines.

“Recent CryptBot versions have been designed to specifically target users of Google Chrome, which is where Google’s CyberCrimes Investigations Group (CCIG) and Threat Analysis Group (TAG) teams worked to identify the distributors, investigate and take action,” Google said in a blog post.

Read Also

What is Google doing?
The company has filed litigation against several of CryptBot’s major distributors who we believe are based in Pakistan and operate a worldwide criminal enterprise.

To hamper the spread of CryptBot, the court has granted a temporary restraining order to disrupt the efforts against the distributors and their infrastructure as well as take down current and future domains tied to the distribution of CryptBot.

How will it help customers?
The attack on distributors and infrastructure is expected to slow new infections from occurring and decelerate the growth of CryptBot.

FacebookTwitterLinkedin

Google has been given a go-ahead to take down malware infrastructure linked to the Cryptbot malware that was used to steal users’ personal information. Google estimated that the malware has infected approximately 670,000 computers this past year and targeted users of Google Chrome to steal their data.

The company is targeting the distributors who are paid to spread malware broadly for users to download and install, which infects machines and steals user data.

What is Cryptbot?
CryptBot is a type of malware that is often referred to as an “infostealer”. The malware has been designed to identify and steal sensitive information, such as authentication credentials, social media account logins, cryptocurrency wallets, and more, from victims’ computers.

Read Also

Google explained that CryptBot sends the stolen data to be harvested and eventually sold to bad actors to use in data breach campaigns.

How is Cryptbot distributed?
The malware distributors offer modified versions of many software packages, including Google Earth Pro and Google Chrome. Users then download and install these software, without realising that it is a malicious software intended to infect their machines.

“Recent CryptBot versions have been designed to specifically target users of Google Chrome, which is where Google’s CyberCrimes Investigations Group (CCIG) and Threat Analysis Group (TAG) teams worked to identify the distributors, investigate and take action,” Google said in a blog post.

Read Also

What is Google doing?
The company has filed litigation against several of CryptBot’s major distributors who we believe are based in Pakistan and operate a worldwide criminal enterprise.

To hamper the spread of CryptBot, the court has granted a temporary restraining order to disrupt the efforts against the distributors and their infrastructure as well as take down current and future domains tied to the distribution of CryptBot.

How will it help customers?
The attack on distributors and infrastructure is expected to slow new infections from occurring and decelerate the growth of CryptBot.

FacebookTwitterLinkedin