CryptBot – a Windows malware – is capable of stealing credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. Cryptbot hides within legitimate software in order to be installed by its victims. CryptBot threat actors spread malware via websites purportedly offering software cracks, key generators, or other tools. To gain widespread visibility, threat actors utilize search engine optimization to position malware distribution sites towards the top of Google search results, resulting in a steady stream of potential victims. It can also spread through a fake vpn client which is called as Inter VPN, when executed, it infects the system with cryptbot and vidar which then runs a AutoHotKey script leading to download executables from malicious websites.