Google takes down Cryptbot hacking tools

AI big data world
(Image credit: / Fit Ztudio)

Google is taking legal action against the operators of Cryptbot, an infostealer capable of stealing sensitive data from users of it Chrome browser

It hopes that the move will curb the efforts of the threat actors who allegedly attacked hundreds of thousands of people last year, alone.

Google has filed a lawsuit against the infrastructure and distribution network of Cryptbot, and has been given a temporary restraining order allowing it to bring malicious domains offline.

Worldwide criminal enterprise

"Our litigation was filed against several of CryptBot’s major distributors who we believe are based in Pakistan and operate a worldwide criminal enterprise," Google Head of Litigation Advance Mike Trinh and Threat Analysis Group's Pierre-Marc Bureau said. "The legal complaint is based on a variety of claims, including computer fraud and abuse and trademark infringement."

Now, with the restraining order, Google can quickly spring into action, too: "Yesterday, a federal judge in the Southern District of New York unsealed our civil action against the malware distributors of Cryptbot, which we estimate infected approximately 670,000 computers this past year and targeted users of Google Chrome to steal their data," Trinh and Bureau added.

"We're targeting the distributors who are paid to spread malware broadly for users to download and install, which subsequently infects machines and steals user data."

Cryptbot is your average infostealer that targets Windows users in an attempt to grab their passwords, credit card information, or other useful and potentially valuable data. Usually, the operators would sell this information on the black market, giving other hackers the tools needed to engage in identity theft, or financial fraud.

"Recent Cryptbot versions have been designed to specifically target users of Google Chrome, which is where Google's CyberCrimes Investigations Group (CCIG) and Threat Analysis Group (TAG) teams worked to identify the distributors, investigate and take action," Google said.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.