The cybercrime unit at French police has uncovered and neutralized a virus that secretly infected more than 850,000 devices worldwide to mine a cryptocurrency called Monero (XMR). Monero, as a cryptocurrency focused on privacy and anonymity, was reported as forming the preferred target for miners malware.
Dubbed “Retadup” and originating from the Paris region, the latest threat had used the processor power of hundreds of thousands of Windows-operating computers in over 100 countries to generate coins for the perpetrators.
“We managed to track down where the command server was, the control tower for the “botnet” network of infected computers,” C3N chief Jean-Dominique Nollet told France Inter radio.
After a tip-off, the French “cybergendarmes,” with help from the US Federal Bureau of Investigation, carried out a counterattack and succeeded in disinfecting the computers around the globe, mainly in Central and South America.
KVB PRIME Strikes UK with Influential Finance Summit SponsorshipGo to article >>
Czech antivirus firm Avast, which has been tracking the threat, first recorded Retadup last spring and alerted French authorities to the software. The worm is responsible for opening a backdoor on infected machines, allowing for commands to be executed remotely by the attackers.
Crypto mining malware increased 4,000%
Displaying the more classic behavior of so-called “cryptojacker” malware, Retadup runs almost without a trace, Avast says, the only noticeable difference for the end-user being reduced hardware performance.
The operators behind the botnet are thought to have made millions of euros since they set it up, “through ransomware and even steal data from hospitals in Israel as well as Israeli patients,” France’s C3N digital crime-fighting center said.
As Finance Magnates previously reported, instances of such malware have shot up over the last two years, leading commentators to warn of an epidemic.
More generally, instances of crypto-mining malware saw a 4000-percent increase last year. Most alarmingly though, is that recent exmaples employ a number of tactics to fetch the web browser history looking for specific types of activities, such as those involving credit cards, business, social media, gaming, cryptocurrency, and shopping.