CryptBot Infostealer: Watch How BlackBerry Defeats It (Video)

CYBERSECURITY / 07.21.22 / Hector Diaz

CryptBot has returned. This malicious infostealer is now streamlined and as dangerous as ever, with a sharpened focus on data-capture functionalities. 

When CryptBot targets a user’s endpoint, it seeks browser login credentials, crypto wallets, stored financial account information, and additional sensitive data of interest to attackers. The stolen data is then sent back to attackers through a command-and-control (C2) address, where it is exploited for monetary gain.

CryptBot first struck in 2019 and returned with a recent outbreak of attacks in early 2022. The infostealer often lures potential victims through compromised software piracy sites, where the malware masquerades as “cracked” versions of commercial software packages and video games. Attackers draw victims to these sites via sophisticated search engine optimization (SEO) promotion techniques.

The updated variant of CryptBot malware no longer comes equipped with anti-sandbox and exfiltration functions. When downloaded, the newly trimmed malicious file is about half its original size, which allows the infection processes to occur more often — and at faster speeds. CryptBot’s deceptive presentation and increasingly efficient form make it a hazardous threat to home and corporate users alike.

See how BlackBerry prevents CryptBot attacks in our demo video below, which shows our AI-powered endpoint protection solution, CylancePROTECT®, going head-to-head with a live sample of CryptBot Infostealer.

DEMO VIDEO: BlackBerry vs. CryptBot Infostealer
 
Learn more about CryptBot Infostealer in our deep dive blog, “Threat Thursday: CryptBot Infostealer Masquerades as Cracked Software.”
 
Figure 1 – CylancePROTECT prevents a CryptBot sample from running within milliseconds, stopping the attack before it compromises the system.
 
Figure 2 – CylancePROTECT stops a set of 35 CryptBot samples from running in sequence, blocking each attempt immediately, in real time.
 

BlackBerry Protects Against CryptBot Infostealer

CylancePROTECT provides automated malware prevention, application and script control, memory protection, and device policy enforcement. This AI-based Endpoint Protection Platform (EPP) blocks cyberattacks and provides controls for safeguarding against sophisticated threats—no human intervention, Internet connections, signature files, heuristics, or sandboxes required.

BlackBerry Assistance

The BlackBerry Incident Response team can work with organizations of any size and across any vertical, to evaluate and enhance their endpoint security posture and proactively maintain the security, integrity, and resilience of their network infrastructure. For emergency assistance, please email us at DLIR@blackberry.com, or use our handraiser form. 

Video Transcript

In this video, we are going to evaluate the predictive prevention capabilities that CylancePROTECT® can provide against CryptBot Infostealer. 

Here is the sample analyzed in detail on our blog for this threat. Let’s copy the file and see if we can infect our test system. When we try to execute, Cylance® AI stops it in milliseconds – before it can execute and compromise the system.

Now let’s try again, with an extended set of 35 CryptBot samples. We will try to execute the sample set in sequence. This loop attempts to execute each file, one after the other, and as you can see, CylancePROTECT stops CryptBot at each attempt—using AI instead of signatures, heuristics, or cloud lookups—successfully preventing a total of 36 CryptBot samples from executing. 

Prevention is possible with BlackBerry.


About Hector Diaz

Senior Technical Marketing Manager at BlackBerry

Hector Diaz is a Senior Technical Marketing Manager for Latin America and the Caribbean at BlackBerry. Hector works with Engineering and Product Management to translate technology concepts into digestible pieces, evangelizing and educating people about Artificial Intelligence (AI) applied to cybersecurity.

With over 15 years of experience in cybersecurity, Hector is a respected professional who is in-demand at trade shows, partner training and customer engagements across Latin America and the Caribbean Region.