Google has taken legal action to take down the malware infrastructure associated with the CryptBot info stealer, Windows malware designed to steal sensitive information from victims’ computers. The lawsuit targets CryptBot’s infrastructure and distribution network, which Google believes is operated by a worldwide criminal enterprise based in Pakistan.
The malware has infected around 670,000 computers in the past year and targets users of Google Chrome to steal their data.
To curb the spread of CryptBot, the court has granted Google a temporary restraining order that empowers the company to take down domains associated with CryptBot distribution, which will reduce the number of new infections and decelerate the malware network’s growth.
Google’s CyberCrimes Investigations Group (CCIG) and Threat Analysis Group (TAG) teams worked to identify the distributors, investigate and take action. Recent CryptBot versions have been designed to specifically target users of Google Chrome, according to Google.
The legal complaint is based on various claims, including computer fraud and abuse and trademark infringement. The company is targeting the distributors who are paid to spread the malware broadly so that users download and install it, after which it infects their machines and steals user data.
This legal action is part of Google’s ongoing efforts to combat malware and protect users from cybersecurity threats.
In December 2021, Google took legal action to disrupt the Glupteba botnet after the blockchain-enabled, modular malware had infected more than one million Windows devices worldwide since 2011. Google TAG observed a 78% drop in Glupteba infections despite the botnet resuming operations after the initial disruption action.
Google’s legal action against CryptBot’s infrastructure and distribution network is expected to have a similar impact on the malware’s spread and reduce the number of victims having their sensitive information stolen.