The French cyber police division has successfully dismantled a botnet that infected over 850,000 computers worldwide and secretly used them to mine Monero (XMR). According to a report published by the BBC, a group of French police officers known as the “cybergendarmes” tracked down the control centre of the sophisticated botnet in France. Investigators also believe the criminal enterprise made millions from fraud before the police shut it down. The operation appears to have begun in 2016.
A tip-off led the police to the location of the operation in France, enabling them to take down the main pirate server in the Paris region. After that, the cybercrime unit began disinfecting the affected computers around the world.
The French police were first alerted to the situation in spring by the anti-virus company Avast, which had noticed a private server distributing a piece of malware called Retadup to thousands of Windows computers in over 100 countries, mainly in Central and South America.
The malware spread through emails offering easy money or erotic pictures, and through infected USB drives. Once installed, it let the attackers control the computers remotely without the owners realising they had been compromised: setting up Monero (XMR) mining, extorting money through ransomware, or even stealing data from hospitals and other institutions.
C3N chief Jean-Dominique Nollet of the French police explained how the criminal operation was dismantled:
We managed to track down where the command server was, the control tower for the “botnet” network of infected computers.
People may not realize it but 850,000 infected computers means massive firepower, enough to bring down all the civilian websites on the planet. Even well-protected institutions were at risk of being paralyzed.
To neutralise the botnet, the cybercrime division set up a replica of the command server that rendered the malware inactive on the infected computers. Nollet also acknowledged help from the FBI in blocking the botnet's traffic and redirecting it to the replica server.
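The replica-server approach described above is commonly called sinkholing: once the bots' command-and-control traffic is redirected to a server the defenders control, that server can answer every check-in with a harmless instruction and, at the same time, build a list of victims to notify. The following is an added illustration of that idea and is not Retadup's protocol, nor code from Avast, the French police or the FBI. It assumes a hypothetical text protocol in which a bot sends `CHECKIN <bot_id> <os> <state>` and expects a `TASK <command>` reply; the sample traffic is constructed.

```python
"""Toy sinkhole for a botnet check-in protocol (added example, hypothetical
protocol).  Every valid check-in receives "TASK idle", so the malware's polling
loop keeps running but never receives a mining, ransomware or exfiltration job,
while the sinkhole records each victim for later notification."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Sinkhole:
    # bot_id -> metadata collected from check-ins
    victims: Dict[str, dict] = field(default_factory=dict)
    # requests that did not match the assumed protocol (scanners, typos, ...)
    rejected: List[str] = field(default_factory=list)

    def handle(self, src_ip: str, line: str) -> str:
        """Process one request from src_ip and return the reply line."""
        parts = line.strip().split()
        if len(parts) != 4 or parts[0] != "CHECKIN":
            self.rejected.append(line)
            return "ERR"
        _, bot_id, os_name, state = parts
        rec = self.victims.setdefault(
            bot_id, {"ip": src_ip, "os": os_name, "checkins": 0, "last_state": None}
        )
        rec["ip"] = src_ip          # keep the most recent source address
        rec["checkins"] += 1
        rec["last_state"] = state
        # The benign reply: never hand out real work to the bot.
        return "TASK idle"

    def notification_report(self) -> List[Tuple[str, str, str]]:
        """(ip, bot_id, os) tuples, sorted by IP, for contacting ISPs/owners."""
        rows = [(r["ip"], bid, r["os"]) for bid, r in self.victims.items()]
        return sorted(rows)

    def still_mining(self) -> List[str]:
        """Bots whose last reported state was 'mining' (need priority cleanup)."""
        return sorted(b for b, r in self.victims.items() if r["last_state"] == "mining")


# Constructed sample traffic: (source IP, request line) as the sinkhole would see it.
SAMPLE_TRAFFIC = [
    ("203.0.113.10", "CHECKIN bot-a1 win7 mining"),
    ("203.0.113.11", "CHECKIN bot-b2 win10 idle"),
    ("198.51.100.5", "GET /update.php"),        # not a bot: a web scanner hitting the old C2 name
    ("203.0.113.10", "CHECKIN bot-a1 win7 idle"),
    ("192.0.2.77", "CHECKIN bot-c3 winxp mining"),
]


def run_sample() -> Tuple[Sinkhole, List[str]]:
    """Feed the constructed traffic through a fresh sinkhole; return it and the replies."""
    sh = Sinkhole()
    replies = [sh.handle(ip, line) for ip, line in SAMPLE_TRAFFIC]
    return sh, replies


if __name__ == "__main__":
    sh, replies = run_sample()
    print("replies:", replies)
    print("victims:", sh.notification_report())
    print("still mining:", sh.still_mining())
```

The important design choice is that the sinkhole is deliberately inert: it only ever answers with a no-op task, so it cannot be used to push code to the victims, and the value it produces is the victim list that lets defenders notify owners and network operators.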