
Google has disrupted infrastructure associated with the infamous CryptBot malware, which the company claims has stolen data from hundreds of thousands of browser users in the past year alone.
CryptBot is information-stealing malware that was first discovered in 2019. The malware is usually distributed by scam websites masquerading as legitimate software sites offering free downloads. Once installed, it steals sensitive information from infected computers, such as passwords, cookies, cryptocurrency wallets, and credit card information.
In a blog post, Google said it has observed the malware being spread through maliciously modified apps, including Google Chrome and Google Earth Pro. In the past 12 months, Google says the malware has breached about 670,000 computers to steal sensitive information that was “ultimately sold to bad actors for use in data breach campaigns.”
Google said it tracked recent versions of CryptBot impersonating its browser and mapping software, worked to identify malware distributors in Pakistan, and took action.
After filing legal complaints against several major distributors of CryptBot, the tech giant confirmed Wednesday that it had obtained a temporary court order to block the developers’ ability to spread the malware.
The order, granted by a federal judge in the Southern District of New York, allows Google to take down current and future domains linked to the distribution of the CryptBot malware.
“This will slow down the incidence of new infections and slow down the growth of CryptBot,” the tech giant said in a blog post. “The lawsuits have the effect of creating a legal precedent and putting those who profit, and others in the same criminal system, in check. This litigation marks another step forward in holding cybercriminals accountable, not only by targeting those who run botnets, but also those who benefit from distributing malware.”
Google’s disruption of CryptBot comes after the company took legal action in 2021 against the alleged operators of the Russia-based Glupteba botnet, which the company said was used to steal Google users’ logins and account information.
As a result of that effort, Google said it saw a 78% decrease in Glupteba infections.