Google said it has blocked the infamous CryptBot malware, which the company claims has stolen data from hundreds of thousands of Chrome browser users in the previous year.
The company claims that CryptBot is a unique type of malware known as an “infostealer” because it is designed to identify and steal sensitive information from victims’ computers, including login information for social media accounts, cryptocurrency wallets, and more.
CryptBot then forwards the stolen data to be harvested and ultimately sold to criminal parties for use in data breach campaigns.
Google also revealed that the malware was distributed via deliberately modified software such as Google Chrome and Google Earth Pro. This year, the malware infected around 670,000 computers and targeted Google Chrome users to steal personal data.
Google tracked the malware’s Pakistan-based distributors, identified the virus, and took action in response to recent CryptBot versions spoofing its browser software and mapping tools.
The tech giant announced on Wednesday that it had successfully acquired a temporary court order restricting the creators’ capacity to disseminate the infostealer malware following the filing of a legal case against several of CryptBot’s key distributors.
“Our litigation was filed against several of CryptBot’s major distributors who we believe are based in Pakistan and operate a worldwide criminal enterprise. The legal complaint is based on a variety of claims, including computer fraud and abuse and trademark infringement.
“To hamper the spread of CryptBot, the court has granted a temporary restraining order to bolster our ongoing technical disruption efforts against the distributors and their infrastructure,” Google said in a blog post.
Google has been able to remove all active and future domains linked to the dissemination of the CryptBot malware thanks to an injunction issued by a federal judge in the Southern District of New York in the US.