Google gets green light to go after distributors of CryptBot malware

A federal judge is allowing Google to take down current and future domains tied to the distribution of the CryptBot infostealer malware.

On April 25, the Southern District of New York unsealed Google's civil action against the distributors of the malware. Court documents revealed the malware is estimated to have infected about 670,000 computers in the last year. Targets of the malware were instances of Google's Chrome web browser with the goal of siphoning private data of users.

“This lawsuit targeting CryptBot’s malware distributors shows our commitment to protecting users from each level of the cybercriminal ecosystem,” wrote Mike Trinh, Google’s head litigator and Pierre-Marc Bureau, with Google's Threat Analysis Group, in a blog posted Wednesday.

CryptBot is an infostealer malware that is designed to identify and steal sensitive information from an infected computer, including authentication credentials, social media account logins, cryptocurrency wallets, and more, according to Google. The malware’s distributors offer malicious versions of software to infect machines, including with Google’s Earth Pro and Chrome. 

What can Google do to fight CyptBot?

The major distributors of CryptBot are believed to be based in Pakistan and have a global reach. As Sophos’ Naked Security blog noted in its review of the court order, Google is allowed to identify network providers whose services directly and indirectly make the malware’s distribution possible. 

“Presumably to make it harder for these alleged crooks simply to shift their servers to hosting providers that either can’t be identified at all … this court order even covers blocking network traffic that is known to be going to or coming from domains associated with the CryptBot crew,” the Naked Security blog post noted, adding that it’s assuming that internet service providers (ISPs) may end up with a legal responsibility for filtering out any malicious traffic.

Trinh and Bureau noted that the complaint is based on a number of claims, including computer fraud and trademark infringement, and said that the court order will slow new infections of the malware and puts those profiting from CryptBot’s distribution under scrutiny.

Google announced in December 2021 that it coordinated with industry partners to disrupt the Glupteba botnet that was believed to have infected a million devices.