Google Goes After CryptBot Distributors Stealing Sensitive Data

By   Olivia William
Writer , Information Security Buzz | Apr 27, 2023 03:09 am PST

Google has filed a lawsuit against individuals who use Cryptbot to infect Google Chrome users and steal their data. As part of its efforts to combat this malicious activity, Google is taking down the malware infrastructure associated with Cryptbot. In today’s constantly evolving landscape of cybersecurity threats, companies such as Google play a critical role in ensuring the safety of software users.

Their efforts to plug vulnerabilities and safeguard against exploitation through technical means are often essential. However, legal actions against cyber criminals also play a vital role in bringing these bad actors to justice.

Currently, Google is employing a combination of both technical and legal measures in its efforts to combat the distributors of the CryptBot malware. This approach involves taking legal action against those responsible and dismantling the malware infrastructure associated with CryptBot. By pursuing this multifaceted strategy, Google is demonstrating its stand in ensuring the safety of its users and protecting them from malicious attacks.

Crackdown On Cybercriminals

Google’s relentless pursuit of cybercriminals continues with their latest crackdown on malware distributors responsible for CryptBot, a malicious software that steals sensitive information from users’ computers. According to Google, CryptBot has infected around 670,000 computers in the past year, with Google Chrome users being the primary targets.

A federal judge from the Southern District of New York recently unsealed the civil action brought by Google against the malware distributors. This action demonstrates Google’s unwavering commitment to disrupting cybercriminal ecosystems that aim to exploit online users. This success follows Google’s victory last year in holding the operators of the Glupteba botnet accountable.

What is CryptBot? 

CryptBot is a type of malware classified as an “infostealer” that can identify and extract sensitive data from victims’ computers. It is designed to steal various types of information, including authentication credentials, social media account logins, and cryptocurrency wallets. 

Once the malware infects a device, it operates surreptitiously by extracting data and transmitting it to the control (C2) server without the victims’ knowledge. The stolen data is then sold to bad actors for use in data breach campaigns, making it a significant threat to individuals and organizations alike.

According to Google, the latest versions of CryptBot have been made with the aim of targeting Google Chrome users specifically. This prompted Google’s CyberCrimes Investigations Group (CCIG) and Threat Analysis Group (TAG) teams to focus their efforts on identifying the distributors, conducting investigations, and taking appropriate action.

CryptBot distributors have been selling maliciously modified Google Earth Pro and Google Chrome to unwary consumers. Google’s CyberCrimes Investigations Group (CCIG) and Threat Analysis Group (TAG) pursued the distributors since the virus targeted Chrome users. CryptBot virus can harm people and businesses. 

Legal Strategy & Disruption

Google’s Threat Analysis Group (TAG) recently identified CryptBot as a significant threat to the security of Google Chrome users. After determining that CryptBot was mainly distributed by Pakistan-based entities, who were part of a more extensive global enterprise, Google took action by seeking civil action against these distributors.

According to Mike Trinh, Head of Litigation Advance, and Pierre-Marc Bureau from the Threat Analysis Group,” the legal action taken by Google targets several significant distributors of the CryptBot malware, who are believed to be operating as part of a global criminal organization based in Pakistan.”

The company alleged computer fraud, abuse, and trademark infringement and secured a temporary restraining order from a US federal judge to disrupt CryptBot’s distribution. Google’s objective was to disrupt CryptBot’s command and control infrastructure by seizing the domain names used to coordinate these malware efforts.

He also included that “The legal complaint includes various allegations, such as computer fraud and abuse as well as trademark infringement.”

While Google’s legal efforts against CryptBot’s distributors are commendable, it is crucial to note the importance of safe web browsing practices. It is critical to download apps and software from reliable and official sources and keep operating systems up to date. One must also exercise caution while clicking on links in emails and carefully scrutinizing website URLs since malicious actors can easily spoof web pages.

Bringing cybercriminals to justice is a moral duty, and big tech companies like Google have a significant responsibility to ensure the safety of their users. However, coordination across international boundaries can be notoriously challenging. Nonetheless, Google’s successful legal intervention against CryptBot’s distributors is a significant move in creating a secured and safer online environment.

“They announced that their civil action against the CryptBot malware distributors was unsealed by a federal judge in the (S.D. of New York) on the previous day. According to them, CryptBot affected around 670,000 computers in the past year and primarily targeted Google Chrome users to extract sensitive data.” Trinh and Bureau said

Protecting Against Malware

In order to guard against malware attacks like CryptBot, individuals can take several proactive steps to protect themselves, according to recommendations from the Cybercrime Support Network:

  • Download software and applications only from trusted sources, such as official websites and app stores. Chrome Safe Browsing warnings should also be heeded.
  • Before downloading software, check its legitimacy and read reviews.
  • Keep your operating system and all software up to date by regularly installing security patches and bug fixes. This will help to address known vulnerabilities that can be exploited by cybercriminals.


In December 2021, Google engaged in legal action to disrupt the Glupteba botnet, which had infected over one million Windows devices globally since 2011. Google’s Threat Analysis Group (TAG) announced in November 2022 a significant reduction of 78% in Glupteba infections, even though the botnet had resumed its operations following the initial disruption action. Google’s recent legal action against the distributors of CryptBot malware represents a significant step forward in the fight against cybercrime. By pursuing legal action against both those who operate botnets and those who profit from distributing malware, Google is working to enhance the security of internet users.

Google has clarified that it is committed to this mission and intends to maintain its efforts. As a result, individuals and businesses can take comfort in knowing that Google is doing its part to protect them from the harmful effects of cyberattacks. In addition to Google’s efforts, it’s also essential for users to take steps to safeguard themselves against malware. The Cybercrime Support Network recommends several best practices, including downloading only from trusted sources, conducting research before installing any software, and regularly updating operating systems and software with security patches and bug fixes.