Retadup Monero Mining Virus Removed From 850k Devices by French Police

Proactive action from the French police helped in neutralizing a Monero mining malware originating from Paris that affected over 850k devices.

French cybercrime team in action

French police’s cybercrime unit recently found a virus that secretly infected over 850,000 devices. The virus, that was used to mine a privacy-oriented cryptocurrency called Monero (XMR) was neutralized by the unit. The new virus originally spread from Paris region to over 100 countries. Called ‘Retadup’ the virus was targeted Windows-based systems to mine XMR coins for the perpetrators.

The malware was first detected by Czech antivirus firm Avast which quickly reported it to the authorities in spring last year. The firm noted that the worm could enter a machine and create a backdoor via which the hackers could give commands to the system and execute mining processes remotely.

After receiving the tip, the cybercrime unit “cybergendarms” worked with the US Federal Bureau of Investigation (FBI) to launch a counterattack on the virus. They were successful in removing the virus from several thousand computers, located mostly in South America and Central America.

Talking to France Inter Radio, chief of C3N Jean-Dominique Nollet said,

“We managed to track down where the command server was, the control tower for the “botnet” network of infected computers.”

Cryptojacking becoming a major issue

Retadup is the latest in the list of crypto-jacking software unveiled by security researchers. Such malware is designed to run in victims’ computers, gorging their computing power and electricity. Such Retadup too was running without a trace and an average user will not be able to find the problem. The only possible way to define the presence of a crypto mining malware in the system is to see reduced hardware performance and increased consumption of electricity.

The perpetrators behind the crime could not be located by C3N suggests that they could have made millions of euros by mining and ransomware since the virus started infecting machines. It also said that the criminals could have stolen data from Israeli hospitals and patients as well.

Crypto-jacking is becoming an easy way for hackers to mine digital currency without utilizing their own resources. Crypto mining malware instances have increased by 4,000% in the past year alone. Hackers could spread their virus via links, emails, etc. and create complex software programs that may not just allow remote command execution but also spread the virus to other systems in the network.