France shuts down Monero cryptojacking botnet

Getting your Trinity Audio player ready...

French police have shut down a massive cryptojacking botnet that is reported to have infected over 850,000 machines globally. The botnet was controlled from the Paris region, and had targeted victims in over 100 countries. It has been operational for the past three years and has managed to rake up millions of dollars’ worth of Monero cryptocurrency.

The team from the French C3N center, dubbed cyber gendarmes, was alerted of the botnet in the spring by anti-virus company Avast. As reported by the BBC, Avast had discovered the existence of a private server in Paris that had been sending a virus known as Retadup to Windows computers across the world. The server had especially targeted the Central and South American regions.

To spread the virus, the cybercriminals sent emails promising easy money or erotic pictures. They also relied on infected USB drives. After installing the malware, they would then use the victim’s computer to mine Monero. In some instances, they would also steal user data as was the case when they targeted Israeli hospitals.

The C3N chief Jean Dominique Nollett detailed to France Inter Radio how his team dismantled the network.

Basically, we managed to detect where was the command server, the control tower of the network of infected computers, the ‘botnet. It was copied, replicated with a server of ours, and made to do things that allow the virus to be idle on the victims’ computers.

Nollett also believes that the hackers decided to operate from France as the country has very many servers and is one of the countries that do the most web hosting.

The French authorities also worked with the FBI to thwart the attack. With some of the domains having been registered in the U.S, the French team needed the FBI to block some traffic and direct it to their servers.

The French police will let the server continue to run so that any infected computers that hadn’t been online for the past few weeks can still be disinfected.

Asked what advise he would give the average user to protect himself against such an attack, he stated, “The same thing that I advise my parents: we do not click on the links if we are not sure of the person who sends you the email, we do not click on the attachments either and we put a antivirus and we are trying not to do anything on the Internet.”