CryptBot is an infostealer that targets Windows operating systems. It is designed to steal sensitive information from infected computers, such as account passwords saved in browsers, cookies, payment information, and cryptocurrency wallets. It then archives the data and sends it back to the criminals.
History of CryptBot
CryptBot was first discovered in the wild in 2019, stealing users’ browser and social media credentials, browser history, cookies, and payment information. The stolen data is then harvested and sold to threat actors for use in data breach campaigns. CryptBot is often distributed as fake pirated software such as KMSPico and modified versions of Google Earth Pro and Google Chrome.
CryptBot is capable of extracting data from popular browsers such as Google Chrome, Brave, and Vivaldi as well as cryptocurrency wallets such as Coinomi, Jaxx Liberty, Monero, Exodus, Electrum, and Ledger Live.
In 2023, Google took legal action against the suspected network of CryptBot distributors, who are based in Pakistan. The civil action alleged that CryptBot distributors are responsible for nearly 700,000 computer infections worldwide. Google has been given a temporary restraining order that enables the company to take down the distributors' domains.