Google Gets Court Order To Take Down CryptBot That Infected Over 670,000 Computers (thehackernews.com)
An anonymous reader quotes a report from The Hacker News: Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called CryptBot and "decelerate" its growth. The tech giant's Mike Trinh and Pierre-Marc Bureau said the efforts are part of steps it takes to "not only hold criminal operators of malware accountable, but also those who profit from its distribution." CryptBot is estimated to have infected over 670,000 computers in 2022 with the goal of stealing sensitive data such as authentication credentials, social media account logins, and cryptocurrency wallets from users of Google Chrome. The harvested data is then exfiltrated to the threat actors, who then sell the data to other attackers for use in data breach campaigns. CryptBot was first discovered in the wild in December 2019.
The malware has been traditionally delivered via maliciously modified versions of legitimate and popular software packages such as Google Earth Pro and Google Chrome that are hosted on fake websites. [...] The major distributors of CryptBot, per Google, are suspected to be operating a "worldwide criminal enterprise" based out of Pakistan. Google said it intends to use the court order, granted by a federal judge in the Southern District of New York, to "take down current and future domains that are tied to the distribution of CryptBot," thereby kneecapping the spread of new infections.
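The story says the court order targets "current and future domains" that impersonate Google products such as Google Earth Pro and Chrome. Defenders on the receiving end do the same screening on their own feeds of newly observed domains. The block below is an added example, not Google's tooling and not code from The Hacker News: a minimal lookalike-domain screen that flags a domain when its registrable label is a protected brand, embeds one, is one edit away from one, or matches after digit-for-letter homoglyph substitution. The brand list, the allowlist and the sample domains (all under the reserved `.test` TLD) are constructed for the example.

```python
"""Flag domains that imitate a protected brand name.

Added example for this page: not Google's tooling and not from the
article. Brand list, allowlist and sample domains are constructed.
"""
from __future__ import annotations

import re

# Assumed set of protected names (lowercase, no TLD), constructed here.
BRANDS = ("google", "googleearth", "chrome")

# Assumed allowlist of domains the brand owner actually operates.
ALLOWLIST = {"google.com", "earth.google.com", "chrome.google.com"}

# Digits attackers substitute for visually similar letters.
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

# Constructed sample feed: one legitimate domain, five lookalikes, one unrelated.
SAMPLE_DOMAINS = [
    "google.com",
    "google.test",
    "googleearth-pro.test",
    "www.g00gle-chrome.test",
    "gogle.test",
    "chrome-installer.test",
    "unrelated.test",
]


def levenshtein(a: str, b: str) -> int:
    """Edit distance computed with a single-row dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Second-level label, e.g. 'g00gle-chrome' for 'www.g00gle-chrome.test'.

    Deliberately simple: no public-suffix handling, so 'foo.co.uk' yields 'co'.
    """
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(domain: str) -> tuple[str, str] | None:
    """Return (brand, reason) when the domain imitates a brand, else None."""
    domain = domain.lower()
    if domain in ALLOWLIST:
        return None
    label = registrable_label(domain)
    normalized = label.translate(_HOMOGLYPHS)
    tokens = re.split(r"[-_]", normalized)
    # Longest brand first so 'googleearth-pro' is attributed to googleearth, not google.
    for brand in sorted(BRANDS, key=len, reverse=True):
        if normalized == brand:
            reason = "brand as label"
        elif brand in normalized:
            reason = "brand embedded in label"
        elif any(len(brand) >= 5 and levenshtein(tok, brand) == 1 for tok in tokens):
            reason = "one edit from brand"
        else:
            continue
        if normalized != label:
            reason += ", digit homoglyphs"
        return brand, reason
    return None


def flag_lookalikes(domains: list[str]) -> list[tuple[str, str, str]]:
    """Screen a feed of domains and return the flagged ones with brand and reason."""
    hits = []
    for domain in domains:
        verdict = classify(domain)
        if verdict is not None:
            hits.append((domain, verdict[0], verdict[1]))
    return hits


if __name__ == "__main__":
    for domain, brand, reason in flag_lookalikes(SAMPLE_DOMAINS):
        print(f"{domain:28s} -> {brand:12s} ({reason})")
```

The screen is intentionally noisy: "chromecast" or "googleplex" would also be flagged, which is the right trade-off for a triage feed that a human or a reputation lookup refines afterwards. A real deployment would replace `registrable_label` with a public-suffix-aware parser and extend `_HOMOGLYPHS` to cover IDN confusables, which this example leaves out.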
Google doesn't like competition (Score:4, Interesting)
Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware
Google has a monopoly on information-stealing malware. Bad idea to compete against them.
Re: (Score:3)
Especially infringing their trademark, which is how they were able to get the court order.
Re:Google doesn't like competition (Score:4, Interesting)
Google has a monopoly on information-stealing malware.
I sure hope you didn't type that comment on a Windows machine, or Microsoft's spymasters are going to laugh and laugh when they read your telemetry data.
Re: (Score:2)
You mean the bot that analyzes telemetry data for MS will laugh. I presume bots have a sense of humor.
Take down? (Score:2)
How? I read the bit about blocking the domains hosting the malware. But Google isn't everyone else's DNS service. Wouldn't the Court be better off serving the registrar of the evil domain? Or ordering it to be seized?
Re: (Score:2)
If you can't find the sites using a Google search, the sites might as well not exist.
Revoke LetsEncrypt (Score:2)
I wonder if a court order could force LetsEncrypt to revoke existing certificates and deny new ones. With support for plain HTTP progressively disappearing, it would turn LetsEncrypt into a single point of control over domains.
Not saying it is good or bad. It would be worrying for freedom though.
How much is self inflicted? (Score:2)
Why is Google doing this and not the Feds? (Score:2)
Why can't the FBI target these malicious bot networks? They seem to be only focusing on software sharing sites and torrent networks.
Seems crazy that Google has to do this in the lack of the FBI's action.