“Cybergendarmes” from France’s C3N anti-cybercrime centre have dismantled a botnet that infected 850,000 computers worldwide with malware that mined the privacy-focused cryptocurrency Monero, the BBC reports.
The botnet (a network of compromised “zombie” computers under the remote control of whoever planted the malware) is believed to have generated millions of euros’ worth of Monero since it was set up in 2016.
In this cryptojacking campaign, the operators ran a command-and-control server located in France and spread the malware, dubbed “Retadup”, through phishing emails (offering erotic photos, for example) and through infected USB drives.
Clicking a link in one of the malicious emails or opening the contents of an infected thumb drive installs the cryptomining malware on a computer. From there it can spread to other computers on the same network.
Many enterprises, Starbucks among them, have had their networks commandeered for cryptomining, which slows machines down, wears out hardware and consumes prodigious amounts of electricity, while the mined coins go straight to wallets controlled by the attackers.
The scale of the infection in this case, C3N chief Jean-Dominique Nollet told France Inter radio, made it very dangerous:
“People may not realise it but 850,000 infected computers means massive firepower, enough to bring down all the (civilian) websites on the planet.”
The cybergendarmes first located and dismantled a rogue server in Paris that functioned as the nerve centre of the botnet. They then set about disinfecting computers around the world by building a “replica server that rendered the virus inactive on the infected computers,” according to the BBC, and “the FBI in the US also helped… the French… to block traffic and direct it towards their replica server.”
Notably, the BBC reports, “Viruses are usually redirected (by cybersleuths) to dead areas of the internet rather than being disabled.” That routine approach, known as sinkholing, cuts the malware off from its operators but leaves it running on the victims’ machines; the replica server went a step further.
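To make the distinction in the two preceding paragraphs concrete (a dead sinkhole that merely swallows beacons versus a replica server that answers them and switches the malware off), here is an added Python example. It is not code from the article, the BBC, C3N or the Retadup authors: the beacon format, the “uninstall” command and the optional command-signing key are hypothetical stand-ins, since Retadup’s real protocol is not described on this page. The signing key illustrates the caveat a practitioner would raise: a replica can only disable bots if the protocol lets an unauthenticated server issue commands.

```python
"""Toy C2 check-in protocol, a "dead" sinkhole and a "replica" C2 server.

Added example, not code from the article or from any real botnet. The beacon
format, the "uninstall" command and the optional command-signing key are
hypothetical stand-ins; Retadup's real protocol is not described here.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass
class ToyBot:
    """Stand-in for one infected host: beacons to its C2 and obeys replies."""
    bot_id: str
    mining: bool = True
    # Hypothetical: had the malware authors signed server commands with a key
    # carried by the bots, a replica lacking that key could not disable them.
    server_key: Optional[bytes] = None

    def checkin(self) -> dict:
        """The beacon an infected machine sends on every check-in."""
        return {"id": self.bot_id, "state": "mining" if self.mining else "idle"}

    def handle(self, reply: Optional[dict]) -> str:
        """Process the server's reply; returns what happened, for the log."""
        if reply is None:
            return "no reply; keeps mining"
        if self.server_key is not None:
            expected = hmac.new(self.server_key, reply["cmd"].encode(),
                                hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, reply.get("sig", "")):
                return "rejected unsigned command; keeps mining"
        if reply["cmd"] == "uninstall":
            self.mining = False
            return "uninstalled"
        return "unknown command; keeps mining"


class DeadSinkhole:
    """Beacons redirected to a 'dead area': counted, never answered."""

    def __init__(self) -> None:
        self.seen = set()

    def serve(self, beacon: dict) -> None:
        self.seen.add(beacon["id"])
        return None


class ReplicaC2:
    """Speaks the bots' protocol and answers every beacon with 'uninstall'."""

    def __init__(self, key: Optional[bytes] = None) -> None:
        self.seen = set()
        self.key = key

    def serve(self, beacon: dict) -> dict:
        self.seen.add(beacon["id"])
        reply = {"cmd": "uninstall"}
        if self.key is not None:
            reply["sig"] = hmac.new(self.key, b"uninstall",
                                    hashlib.sha256).hexdigest()
        return reply


def run_takedown(bots, server) -> dict:
    """Route every bot's next check-in to `server`; map bot id to outcome."""
    return {bot.bot_id: bot.handle(server.serve(bot.checkin())) for bot in bots}


if __name__ == "__main__":
    fleet = [ToyBot("bot-1"), ToyBot("bot-2"), ToyBot("bot-3", server_key=b"k")]
    print("dead sinkhole:", run_takedown(fleet, DeadSinkhole()))
    print("replica C2:   ", run_takedown(fleet, ReplicaC2()))
    print("replica+key:  ", run_takedown(fleet, ReplicaC2(key=b"k")))
```

Run as a script, the dead sinkhole leaves every bot mining, the unkeyed replica uninstalls the two bots that accept unsigned commands but is rejected by the one that verifies a signature, and only a replica holding the key disables all three. That last case is the one investigators cannot count on, which is why redirection to a dead sinkhole is the usual outcome.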
This Retadup infection affected “hundreds of thousands of Windows-operating computers, in over 100 countries but mainly in Central and South America,” and the botnet was also used to “extort money through ‘ransomware’ and even steal data from hospitals in Israel,” including patient data.