French Police Shut Down 850,000 Computer Botnet Used for Cryptojacking

News


French police have shut down a massive botnet that has been used for Monero (XMR) cryptojacking.

Cryptojacking backed by “massive firepower”

BBC News reported the development on Aug. 27. According to the police, the botnet was distributed by sending virus-laden emails with offers for erotic pictures or fast cash, and further propogated through infected USB drives. The virus, called Retadup, ultimately infected 850,000 computers in over 100 countries — thus creating a massive botnet. 

The chief of C3N — the French police’s cybercrime unit — Jean-Dominique Nollet spoke on France Inter radio about the power of a botnet this size, saying:

“People may not realise it but 850,000 infected computers means massive firepower, enough to bring down all the (civilian) websites on the planet.”

Unknown hackers reportedly availed themselves of this large network to install a program to mine the security-focused cryptocurrency XMR without the users’ permission. Additionally, bad actors used the malicious network to extort money via ransomware, and also to steal data from Israeli hospitals and patients.

Additional details and aftermath

The French police were able to find the botnet’s server, which was located in Paris, and disinfect the hundreds of thousands of affected computers by redirecting the virus to a harmless destination on the internet with the help of the United States Federal Bureau of Investigation or FBI. 

However, the botnet operators have not been apprehended at the time of publication. They are reportedly believed to have made millions of dollars from illicit activities, which began back in 2016.

More XMR cryptojacking from France?

As previously reported by Cointelegraph, the cybersecurity company Varonis recently discovered an unusually stealthy XMR miner that turns itself off whenever a user launches task manager. The researchers believe that this XMR miner also originates from France, or a French-speaking country. They based their hypothesis on the presence of French terms in the code, as well as French comments in the self-extracting archive file.



Source link

Infolinks.com, 3210366 , DIRECT rubiconproject.com, 20322, RESELLER, 0bfd66d529a55807 google.com, pub-6373315980741255, RESELLER, f08c47fec0942fa0 google.com, pub-4299156005397946, RESELLER, f08c47fec0942fa0 Adtech.com, 11409, RESELLER appnexus.com, 3251, RESELLER Pubmatic.com, 60809,RESELLER,5d62403b186f2ace Pubmatic.com, 158270, RESELLER,5d62403b186f2ace sovrn.com, 268479, DIRECT, fafdf38b16bf6b2b lijit.com, 268479, DIRECT, fafdf38b16bf6b2b lijit.com, 268479-eb, DIRECT, fafdf38b16bf6b2b aol.com, 6202, RESELLER aol.com, 17744, RESELLER lkqd.net, 295, RESELLER, 59c49fa9598a0117 lkqd.com, 295, RESELLER, 59c49fa9598a0117 Freewheel.tv, 482337, RESELLER Freewheel.tv, 480609, RESELLER appnexus.com, 7666, RESELLER, f5ab79cb980f11d1 rubiconproject.com, 156042, RESELLER, 0bfd66d529a55807 pubmatic.com, 156872, RESELLER, 5d62403b186f2ace Rubiconproject.com, 20848, RESELLER, 0bfd66d529a55807 contextweb.com, 559988, RESELLER, 89ff185a4c4e857c rhythmone.com, 2221906906,DIRECT,a670c89d4a324e47 districtm.io, 101519, RESELLER indexexchange.com, 175407, RESELLER 33across.com, 0010b00002CpYhEAAV, RESELLER, bbea06d9c4d2853c rubiconproject.com, 16414, RESELLER, 0bfd66d529a55807 pubmatic.com, 156423, RESELLER, 5d62403b186f2ace rhythmone.com, 2439829435, RESELLER, a670c89d4a324e47 indexexchange.com, 185506, RESELLER Smartadserver.com,3238,RESELLER contextweb.com,560288,RESELLER,89ff185a4c4e857c pubmatic.com,156439,RESELLER pubmatic.com, 154037,RESELLER rubiconproject.com,16114,RESELLER, 0bfd66d529a55807 openx.com,537149888,RESELLER,6a698e2ec38604c6 sovrn.com, 257611,RESELLER, fafdf38b16bf6b2b appnexus.com,3703,RESELLER,f5ab79cb980f11d1 EMXDGT.com, 68, RESELLER, 1e1d41537f7cad7f rubiconproject.com, 17262, RESELLER, 0bfd66d529a55807 indexexchange.com, 184311, RESELLER gumgum.com,13318,RESELLER,ffdef49475d318a9 adtech.com,12094,RESELLER google.com, pub-5617098146054077, RESELLER, f08c47fec0942fa0 spotx.tv, 74964, RESELLER, 7842df1d2fe2db34 openx.com, 540362347, RESELLER, 6a698e2ec38604c6 advertising.com, 24831, RESELLER appnexus.com, 10736, RESELLER

Leave a Reply

Your email address will not be published. Required fields are marked *

15 − one =