Security News > 2022 > February > Revamped CryptBot malware spread by pirated software sites
CryptBot is a Windows malware that steals information from infected devices, including saved browser credentials, cookies, browser history, cryptocurrency wallets, credit cards, and files.
Security analysts at Ahn Lab reported that the threat actors are constantly refreshing their C2, dropper sites, and the malware itself, so CryptBot is currently one of the most shifting malicious operations.
According to the Ahn Lab report, the CryptBot threat actors distribute malware through websites pretending to offer software cracks, key generators, or other utilities.
According to screenshots shared of the malware distribution sites, the threat actors use both custom domains or websites hosted on Amazon AWS. The malicious websites are constantly being refreshed, so there's a wide variety of ever-shifting lures to draw users onto the malware distribution sites.
We have seen the same malware operators using fake VPN sites to deliver CryptBot to victims in previous years, so search engine abuse isn't a new trick.
As CryptBot primarily targets people searching for software cracks, warez, and other methods of defeating copyright protection, simply avoiding the downloading of these tools will prevent infection by this malware and many others.