Date: 2023-04-28



Google said it had obtained a court order to shut down the domains used to distribute CryptBot after suing distributors of information-stealing malware.

According to Chocolate Factory estimates, the software infected around 670,000 Windows computers over the past year and specifically targeted Chrome users, exfiltrating login details, browser cookies, cryptocurrencies, and other sensitive information from the PCs.

This week, a New York federal judge unsealed a lawsuit filed by Google against the malware slingers. The US giant has accused the distributors of committing computer fraud and abuse, as well as trademark infringement by using Google’s marks for fraud. Google has been allowed to shut down their internet infrastructure.

Typically, in these types of cases, Google serves the injunction on the registrars and registries of the domain names used to spread the malware, which then either disable or surrender those domains.

“Our lawsuit is based in Pakistan and is brought against several of CryptBot’s major distributors who are believed to be operating global criminal enterprises,” said Google’s head of litigation promotion Mike Trinh and Pierre-Marc Bureau of the Threat Analysis Group.

The injunction “strengthens efforts to address ongoing technical disruption to distributors and their infrastructure,” they added.

The remotely controlled malware steals sensitive information from the victim’s computer. This includes authentication credentials, login information for social media accounts, credit card information, digital currency wallets and other personal information. Criminals can sell this information on the market or use it for future fraud or break-ins.

The distributor targeted in the lawsuit allegedly ran a website that lured unwitting users into downloading malicious versions of Google Earth Pro and Google Chrome. The marks thought these were real, but instead got versions stuffed with information-stealing malware. Installing the software on their computers infected the machines with CryptBot.

“The most recent version of CryptBot specifically targeted Google Chrome users, where Google’s Cyber Crime Investigation Group (CCIG) and Threat Analysis Group (TAG) teams worked to identify, investigate and take action on distributors. It’s designed to do that,” said Trinh and Bureau.

The removal of the CryptBot infrastructure comes about five months after Google won a year-long legal battle against the alleged Russia-based Glupteba botnet operator.

According to Google, Glupteba compromised “millions” of Windows devices.

Google sued Dmitry Starovikov and Alexander Filippov and 15 other John and Jane Does in December 2021, stating in the original complaint [PDF] that the botnet “sets itself apart from traditional botnets in that it is technologically sophisticated. Unlike other botnets, the Glupteba botnet uses blockchain technology to keep itself out of chaos. I am protecting you.”

