CryptBot is a cyberattack tool known as an “info stealer” that is designed to attack Windows operating systems. Its primary purpose is information theft, including cryptocurrency wallet credentials, cookies, and passwords. It stores the stolen data in an archive and relays it to the attacker.

CryptBot origins

CryptBot first appeared in 2019, when it was used to steal victims’ sensitive information and login details. The stolen data was then collected and sold to nefarious individuals who would, in turn, execute data breach attacks. CryptBot is often distributed covertly in pirated software like KMSPico, or disguised as legitimate apps like Google Chrome.

The tool can extract information from popular browsers such as Vivaldi, Brave, and Chrome. CryptBot can also target cryptocurrency wallets like Electrum, Jaxx Liberty, Coinomi, Monero, Ledger Live, and Exodus.

As of 2023, Google has obtained a restraining order that permits it to take down the distributors of the malware along with all their associated domains. The suspected network of distributors is based in Pakistan, and the hope is that legal action will put an end to a legacy of over 700,000 computer infections globally.