Last Updated on 22/02/2022 by Nidhi Khandelwal
A new version of the CryptBot info stealer has been detected in circulation on multiple websites that offer free downloads of cracks for games and professional software.
CryptBot is a Windows malware that steals information such as saved browser credentials, cookies, browsing history, cryptocurrency wallets, credit cards, and files from affected systems.
The latest version includes new features and optimizations, and it removes some previous tasks to make the malware leaner and more efficient.
According to security analysts at AhnLab, CryptBot is currently one of the most rapidly shifting malicious operations: the threat actors continually refresh their C2, their dropper sites, and the malware itself.
According to the AhnLab analysis, CryptBot threat actors distribute the malware through websites posing as sources of software cracks, key generators, or other applications.
To obtain widespread exposure, threat actors use search engine optimization to place malware distribution sites near the top of Google search results, ensuring a steady stream of potential victims.
According to posted screenshots of the malware distribution sites, the threat actors use both custom domains and websites hosted on Amazon AWS.
Because the malicious websites are updated on a regular basis, there is always a new set of lures drawing people to the malware distribution sites.
Visitors to these sites are redirected through a succession of pages before arriving at the delivery page, so the landing page could be on a compromised legitimate site that is being abused for SEO poisoning.
We’ve seen the same malware operators utilise bogus VPN sites in the past to deliver CryptBot to victims, so this isn’t a new tactic.