French Police shutter botnet affecting 850,000 computers in 100 countries

Mt. Gox trustee granted another delay for distribution plan for victims

Cyber crooks are now building networks for other criminals to use for their illicit activities, but law enforcement officials finally got the upper hand on a global construct that had infected roughly 850,000 computers in over 100 countries with malware that acted as a “utility” for general use. French Police, with help from the U.S. Federal Bureau of Investigation (FBI), shut down the server responsible for running the illegal network and dismantled the offending software on other computers. The crooks have not been apprehended, but it is believed that they had made millions off their network.

The offending virus goes by the name of “Retadup” and was loaded onto “captive” devices when their users responded to emails that promised erotic pictures or easy access to cash. The malware also had the ability to spread itself, as well, from infected USB drives. The BBC had initially reported on developments a few days back, but the illegal server had been active since 2016.

According to CoinTelegraph, the illicit network could be used for a number of purposes, but the primary activity related to mining Monero (XMR) tokens:

Unknown hackers reportedly availed themselves of this large network to install a program to mine the security-focused cryptocurrency XMR without the users’ permission. Additionally, bad actors used the malicious network to extort money via ransomware, and also to steal data from Israeli hospitals and patients.

Monero is one of the decentralized platforms that infuriate regulators and law enforcement officials. It uses what is called an “obfuscated” public ledger, which disguises and enhances the anonymity of transactions on its platform. Outside observers are unable to determine the source, amount, or destination of items on this grid, the reason that criminals have gravitated to this site. Guillermo Suarez de Tangil, a cyber-security lecturer at King’s College London noted in an interview with Reuters:

There is a clear phenomenon of the underground using Monero, and selling malware that will contribute to Monero mining.

Jean-Dominique Nollet, the head of the French police’s cyber crime unit, explained to listeners of a recent France Inter radio program that a “botnet” of this size and global scope could wreak havoc in today’s Internet-driven world:

People may not realise it but 850,000 infected computers means massive firepower, enough to bring down all the (civilian) websites on the planet.

Upon further investigation, it appeared that the primary use of this far-flung network was for “crypto-jacking”, a scheme in which the malware is able to commandeer the computing power of infected computers, perhaps late at night to evade detection, and direct them to perform mining calculations and earn mining rewards for its controllers. Some mining malware actually go so far as to turn themselves off, when Task Manger is activated. Of the 17 million Monero tokens in circulation, it is estimated that at least 4% of them have been mined via illicit crypto-jacking activities. Victims typically discover that something is wrong when they receive exorbitant utility bills at the end of a month.

Perpetrators of ransom-ware schemes are also increasingly migrating from Bitcoin to Monero for settlement purposes, due again to its anonymity, which is not “airtight”. Developers have attempted to close weak points, but its creators vow that the Monero service enables commerce, no different than does cash, which crooks primarily use.

Read Also: