A massive botnet that attackers utilized for Monero (XMR) cryptojacking has finally been shut down by French police.
On Aug. 27, BBC News reported that the botnet was distributed through virus-laden emails that offered erotic pictures or fast cash to unsuspecting users. Those users then unknowingly spread the virus, dubbed Retadup, through infected USB drives, which eventually created a massive botnet of 850,000 infected computers in more than 100 countries.
During an interview with France Inter radio, Jean-Dominique Nollet, the chief of the French police's cybercrime unit C3N, said the following about the botnet's power:
“People may not realize it, but 850,000 infected computers means massive firepower, enough to bring down all the (civilian) websites on the planet.”
Without the users' permission, unknown hackers reportedly installed a program to mine XMR, the security-focused cryptocurrency.
Through this large network, bad actors were also able to steal Israeli hospitals' and patients' data and to extort money via ransomware.
Additional cryptojacking details
With the assistance of the United States Federal Bureau of Investigation (FBI), the French police found the botnet's server and later redirected the virus to a harmless internet destination, thereby disinfecting hundreds of thousands of affected computers.
At the time the news came out, the botnet operators had not been apprehended. Reports show that the group started engaging in illicit activities back in 2016 and has so far made millions of dollars.
Recently, cybersecurity company Varonis uncovered a stealthy XMR miner that shuts off when a user starts the Task Manager and resumes as soon as that application is closed. After finding a self-extracting archive file containing French terms and French comments in the code, the researchers hypothesized that the XMR miner came from either France or a French-speaking country.
Even at a time when many cryptocurrencies are trading below their all-time highs, hackers are continuing their stealthy cryptocurrency mining activities.