670k computers infected by CryptBot.

Apr 28 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that passes the vibe check.

Today’s hottest cyber security stories:

  • 670k computers infected by CryptBot; Google blocks with court order
  • ‘Atomic’ macOS infostealer being sold on Telegram for $1k a pop
  • RSAC 2023: Biggest statements from cybersecurity leaders


Did you hear the news? Google just put the smackdown on CryptBot, the information-stealing malware that’s been wreaking havoc all over the interwebs.

CryptBot was designed to snatch up all kinds of juicy data, from passwords to cryptocurrency wallets. But that’s not all – this little devil was also seen distributing banking trojans.

And get this: over the past year, CryptBot infected around 670,000 computers. Yikes, that’s a whole lotta infected PCs!

The sneaky malware was hiding out in modified versions of legit software like Google Earth Pro and Chrome, with the latest versions targeting Chrome users in particular.

But Google wasn’t gonna take this lying down. Oh no, they rolled up their sleeves and went after the CryptBot distributors based in Pakistan. These guys were running a global criminal enterprise, but Google was all like “not on our watch!” Well, in so many words…

Google said: “We’re targeting the distributors who are paid to spread malware broadly for users to download and install, which subsequently infects machines and steals user data. […] The legal complaint is based on a variety of claims, including computer fraud and abuse and trademark infringement.”

Armed with the fresh court order, Google can take down current and future domains used to distribute CryptBot, which is expected to impact the infostealer’s infection rates.

“This will slow new infections from occurring and decelerate the growth of CryptBot. Lawsuits have the effect of establishing both legal precedent and putting those profiting, and others who are in the same criminal ecosystem, under scrutiny,” the internet giant says.

So, there you have it. They filed a legal complaint in New York and got a judge to give them a temporary restraining order. CryptBot got served. Don’t mess with the big G, folks!


Hold on to your wallets, folks! The latest and greatest macOS malware is hitting the black market!

For a measly $1,000 a month, you too can get your grubby cybercriminal hands on ‘Atomic’ (also known as ‘AMOS’), a fancy new malware designed to steal all your precious information.

With this shiny new malware, you can say goodbye to all those pesky passwords, files, cookies, and credit cards that have been cluttering up your Mac.

A steal of a deal!

But wait, there’s more! This bad boy also goes after over 50 different cryptocurrency extensions. It’s like a steal of a deal!

For the low, low price of $1,000 per month, you’ll also get a handy web panel for easy victim management, a MetaMask brute-forcer, a cryptocurrency checker, a dmg installer, and the ability to receive stolen logs on Telegram. Who knew cybercrime could be so convenient?

So, what are you waiting for? Get your hands on ‘Atomic’ today and start stealing like a pro! But be careful, you never know who might be watching.

We are of course joking. It is weird though, isn’t it? All these tools to help even the most dim-witted of would-be criminals throw their hat into the cybercrime-ring, if you will.

Stay safe out there!


Top executives from Palo Alto Networks, CrowdStrike, Cisco, Microsoft and Trellix spoke out about current cyberthreats, generative AI and the cybersecurity talent shortage during keynotes at RSA Conference 2023.

Scroll down to hear from Lee Klarich, CPO of Palo Alto Networks, Jeetu Patel, EVP and GM of security and collaboration at Cisco, and Vasu Jakkal, CVP for security, compliance, identity and management at Microsoft.

Lee Klarich, CPO of Palo Alto Networks

“I actually believe security is solvable. I actually believe that this is a winnable battle … There are some incredible things that are happening in technology that give me optimism.

“Over the last several years, the ability to operate at machine scale — leveraging what effectively is unlimited compute, unlimited bandwidth in the cloud — to change the way security is delivered, completely changes the notion of what can be done …

“AI is most powerful when it is driven by great data.”

Jeetu Patel, EVP and GM of security and collaboration at Cisco

“We are at an inflection point right now. Every company is rethinking how they are going to use AI. And every vendor is talking about it. And you can’t really blame them, because if you really think about the sophistication of security attacks, it no longer can be handled at human scale.

You have to do it at machine scale, or it doesn’t work. Now, the question to ask is, what are the things that need to come together to make AI really a step-function improvement on the insights it can deliver, in security specifically?

And there are three things, when you start thinking about AI, that need to come together. One of them is the model. The second is the data. And third is the experience.

Vasu Jakkal, CVP for security, compliance, identity and management at Microsoft

“This is the Industrial Revolution 5.0, when AI becomes mainstream. And what you’re noticing also is that every single era has built on top of the others shrinking.

[With ChatGPT] in three months it reached 100 million users. By comparison, it took mobile phones 16 years to reach 100 million users, and the internet seven years to reach 100 million users.

We are at the cusp of something really special. And we need this in security. We need this desperately because the odds today are against the defenders. … We don’t have people to solve our challenges.

Final word from us

There was an overall sense of optimism in the face of adversity which was nice to hear. These are just three sections we picked out from three speakers but, having read a lot more of what was said at the conference, we can tell you it was generally speaking an uplifting affair.

All is not lost, brothers and sisters!

So long and thanks for reading all the phish!

Cyber Dawgs top picks from the week, he’s your Dawg, he got you.

MONDAY: Malicious apps infect Google drive

TUESDAY: Thousands of WordPress sites hacked

WEDNESDAY: Click-jacking: don’t get caught with your pants down!

THURSDAY: RTM Locker’s First Linux Ransomware

footer graphic cyber security newsletter

Recent articles