French Police Shut Down 850,000 Computer Botnet Used for Cryptojacking

Published at: Aug. 28, 2019

French police have shut down a massive botnet that has been used for Monero (XMR) cryptojacking.

Cryptojacking backed by “massive firepower”

BBC News reported the development on Aug. 27. According to the police, the botnet was distributed by sending virus-laden emails with offers for erotic pictures or fast cash, and further propagated through infected USB drives. The virus, called Retadup, ultimately infected 850,000 computers in over 100 countries — thus creating a massive botnet.

The chief of C3N — the French police’s cybercrime unit — Jean-Dominique Nollet spoke on France Inter radio about the power of a botnet this size, saying:

“People may not realise it but 850,000 infected computers means massive firepower, enough to bring down all the (civilian) websites on the planet.”

Unknown hackers reportedly availed themselves of this large network to install a program to mine the security-focused cryptocurrency XMR without the users’ permission. Additionally, bad actors used the malicious network to extort money via ransomware, and also to steal data from Israeli hospitals and patients.

Additional details and aftermath

The French police were able to find the botnet’s server, which was located in Paris, and disinfect the hundreds of thousands of affected computers by redirecting the virus to a harmless destination on the internet with the help of the United States Federal Bureau of Investigation (FBI).

However, the botnet operators have not been apprehended at the time of publication. They are reportedly believed to have made millions of dollars from illicit activities, which began back in 2016.

More XMR cryptojacking from France?

As previously reported by Cointelegraph, the cybersecurity company Varonis recently discovered an unusually stealthy XMR miner that turns itself off whenever a user launches task manager. The researchers believe that this XMR miner also originates from France, or a French-speaking country. They based their hypothesis on the presence of French terms in the code, as well as French comments in the self-extracting archive file.
