French police have managed to take down a botnet of more than 850,000 computers that were being used to mine the Monero cryptocurrency.
The operation was led by the “cybergendarmes” of France’s C3N digital crime-fighting center, who targeted the botnet after being tipped off to its existence earlier this year by antivirus firm Avast Software s.r.o., the BBC reported last week.
The botnet, which spanned the globe, used the Retadup worm to target Windows systems. First detected in 2017 when it attacked an Israeli hospital, Retadup propagates itself via phishing emails, and once it infects one personal computer, it can spread across a network. It has been used for various purposes, including cybercrime and cyberespionage, but by April 2018 was primarily being used to spread cryptomining malware.
The French police became involved because, although the botnet operated globally, its command-and-control server resided in France, and that is where the takedown story begins. The Avast researchers identified “a design flaw in the C&C protocol that would have allowed us to remove the malware from its victims’ computers had we taken over its C&C server,” the researchers explained.
The path to justice was not quick: French police were required to present their findings to a prosecutor to advance with a takedown of the botnet. That eventually happened in July.
Using the identified design flaw, the police took over the C&C server on July 2. From that point on, every infected system that contacted the C&C server could be sent a command to delete the malware from itself, a process that took 45 days, running through Aug. 19 and reaching more than 850,000 systems.
The identity of the person or group behind the botnet has not yet been revealed by authorities. But an Israeli Twitter account dedicated to cybercrime updates claims to have traced the botnet to a Palestinian man based on details the hacker had left on social media.
Google searches for the hacker’s phone number led us to a Facebook page controlled by the hacker.
— Under the Breach (@underthebreach) August 28, 2019
The news of the botnet takedown prompted Monero, the cryptocurrency the botnet was mining, to surge in price over the weekend. The rise was attributed to the takedown itself rather than to the mining activity, on the theory that it restrained new supply. Strictly, Monero’s issuance rate is fixed by its difficulty adjustment regardless of how many miners participate, so removing the botnet’s hashing power changes who receives newly minted coins rather than how many are created; what the takedown removed was one large miner that had been converting stolen compute into coins.
Monero rose as much as 10.9% on Sunday before falling slightly, though it was still up more than 6% as of 8:50 p.m. EDT. The timing points to the takedown news as the driver of the increase, since all other major cryptocurrencies remained flat by comparison over the weekend.
Photo: Pixabay
Published by SiliconANGLE Media Inc.