Google takes down Cryptbot hacking tools

Google has filed a lawsuit against the infrastructure and distribution network of Cryptbot, and has been given a temporary restraining order allowing it to bring malicious domains offline.

Worldwide criminal enterprise

"Our litigation was filed against several of CryptBot’s major distributors who we believe are based in Pakistan and operate a worldwide criminal enterprise," Google Head of Litigation Advance Mike Trinh and Threat Analysis Group's Pierre-Marc Bureau said. "The legal complaint is based on a variety of claims, including computer fraud and abuse and trademark infringement."

Now, with the restraining order, Google can quickly spring into action, too: "Yesterday, a federal judge in the Southern District of New York unsealed our civil action against the malware distributors of Cryptbot, which we estimate infected approximately 670,000 computers this past year and targeted users of Google Chrome to steal their data," Trinh and Bureau added.

"We're targeting the distributors who are paid to spread malware broadly for users to download and install, which subsequently infects machines and steals user data."

Cryptbot is your average infostealer that targets Windows users in an attempt to grab their passwords, credit card information, or other useful and potentially valuable data. Usually, the operators would sell this information on the black market, giving other hackers the tools needed to engage in identity theft, or financial fraud.

"Recent Cryptbot versions have been designed to specifically target users of Google Chrome, which is where Google's CyberCrimes Investigations Group (CCIG) and Threat Analysis Group (TAG) teams worked to identify the distributors, investigate and take action," Google said.

• Check out the best ID theft protection solutions

Via: BleepingComputer