A new variant of the well-known malware CryptBot infects Windows PCs and steals user data. This is how the malicious program spreads.
Enlarge
Windows malware spreads through infected websites
© solarseven/Shutterstock.com
The well-known malware CryptBot is on the way in a new variant. The attackers have streamlined the new version of CryptBot and removed functions that are no longer required. The smaller size is intended to make the malware less conspicuous and less easy to detect. On the other hand, the hackers also made the latest version of CryptBot more powerful. It no longer only searches for specific file paths in the Chrome browser installation on the infected computers, but now searches all file paths. In this way, the malware avoids error messages about non-existent paths. With this adjustment, CryptBot can, for example, also steal information stored in newer Chrome versions, such as cookie data.
New malware spreads via websites
However, the new CryptBot variant, which is described in detail here, does not spread by email like so many other malicious programs. Rather, the new CryptBot variant chooses a classic among the distribution channels: it lurks on websites that offer, for example, free pirated copies of games and user software for download. The cyber gangsters even optimized their websites for Google so that they can be found more easily when searching for relevant pirated copies. This is reported by the US IT news site Bleeping Computer.
The attackers update these websites constantly. In addition, the pages are structured in such a way that after clicking the download button, they redirect the visitor several times before finally landing on the page from which the pirated copy can be downloaded.
CryptBot only infects Windows machines, Linux PCs and Macs are not at risk. On the infected Windows PC, CryptBot steals all sorts of information such as saved browser logins, cookies, browsing history, cryptocurrency wallets, credit cards, and files.
protective measures
In addition to the usual recommendations – use the latest virus scanner, install Windows updates – the following advice applies to protection against an infection with CryptBot: Never install software from unknown websites. Only install software from the Microsoft Windows app store or from the official manufacturer websites of the respective software.