Tech giant Google has obtained a court order to shut down a malware operation that has targeted users of its Chrome web browser.
A judge unsealed the company’s civil action this week, revealing some of the distributors behind the malware, CryptBot. Three Pakistani individuals are named in the document, as well as a further 15 unnamed defendants.
Through the court action and temporary restraining order, Google can now take down existing and future domains spreading the malware.
CryptBot is spread via cracked versions of legitimate Google products, like Chrome and Google Earth Pro, which, when installed, also install the info-stealing malware. CryptBot can steal login details for social media accounts, cryptocurrency wallets, and more.
“Recent CryptBot versions have been designed to specifically target users of Google Chrome, which is where Google’s CyberCrimes Investigations Group (CCIG) and Threat Analysis Group (TAG) teams worked to identify the distributors, investigate and take action,” Google said in a blog post.
The court order itself is based on copyright infringement, as the malicious sites hosting the malware use Google’s own trademarked logos, as well as on the Racketeer Influenced and Corrupt Organizations Act (also known simply as the RICO Act) and the Computer Fraud and Abuse Act.
“Lawsuits have the effect of establishing both legal precedent and putting those profiting, and others who are in the same criminal ecosystem, under scrutiny,” Google said.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.