Crypto News Revamped CryptBot malware spread by pirated software sites


Level 37
Thread author
Top poster
Feb 4, 2016
A new version of the CryptBot info stealer was seen in distribution via multiple websites that offer free downloads of cracks for games and pro-grade software.
CryptBot is a Windows malware that steals information from infected devices, including saved browser credentials, cookies, browser history, cryptocurrency wallets, credit cards, and files.

The latest version features new capabilities and optimizations, while the malware authors have also deleted several older functions to make their tool leaner and more efficient.
Security analysts at Ahn Lab reported that the threat actors are constantly refreshing their C2, dropper sites, and the malware itself, so CryptBot is currently one of the most shifting malicious operations.

Using search results for delivery​

According to the Ahn Lab report, the CryptBot threat actors distribute malware through websites pretending to offer software cracks, key generators, or other utilities.
To gain wide visibility, the threat actors utilize search engine optimization to rank the malware distribution sites at the top of Google search results, providing a stable stream of prospective victims.

According to screenshots shared of the malware distribution sites, the threat actors use both custom domains or websites hosted on Amazon AWS.


Level 39
Top poster
Content Creator
Apr 13, 2013
Fun Fact- For the past little while an increasing number of malware types (like this Cryptobot variant) will target primarily Home users and bypasses larger organizations (which normally will use servers) by the use of an evasion technique that looks specifically for Xeon CPU's- and if found the malicious file will not run at all (sadly I cannot infect my system with it as I rock a Xeon).