Image Credits:Bryce Durbin / TechCrunch

Google disrupts malware that steals sensitive data from Chrome users

Google has disrupted infrastructure linked to the notorious CryptBot malware, which the company claims has stolen data from hundreds of thousands of browser users in the past year alone.

CryptBot is information-stealing malware first discovered in 2019. It is typically distributed by spoofed websites masquerading as legitimate software sites that offer free downloads. Once installed, the malware steals sensitive information from infected computers, such as passwords, cookies, cryptocurrency wallets and credit card information.

In a blog post, Google said it observed the malware spreading by way of maliciously modified apps, including Google Chrome and Google Earth Pro. In the last 12 months, Google says the malware compromised about 670,000 computers in order to steal sensitive information that’s “eventually sold to bad actors to use in data breach campaigns.”

Google said it tracked recent CryptBot versions impersonating its browser and mapping software, worked to identify the malware’s Pakistan-based distributors, and took action.

After filing a legal complaint against several of CryptBot’s major distributors, the tech giant confirmed Wednesday that it had secured a temporary court order to hamper the developers’ ability to spread the infostealer malware.

The order, granted by a federal judge in the Southern District of New York, allows Google to take down current and future domains that are linked to the distribution of the CryptBot malware.

“This will slow new infections from occurring and decelerate the growth of CryptBot,” the technology giant said in a blog post. “Lawsuits have the effect of establishing both legal precedent and putting those profiting, and others who are in the same criminal ecosystem, under scrutiny. This litigation is another step forward in holding cybercriminals accountable, by not just targeting those that operate botnets, but also those that profit from malware distribution.”

Google’s disruption of CryptBot comes after the company took legal action in 2021 against the two alleged operators of the Russia-based Glupteba botnet, which the company said was used to steal Google users’ logins and account information.

As a result of its disruption efforts, Google said it observed a 78% reduction in Glupteba infections.
