
French police topple major worm attack

(Image credit: Make-Someones-Day / Pixabay)

Cybersecurity firm Avast has teamed up with French law enforcement to take down a piece of malware that infected thousands in Latin America.

The firm's Threat Intelligence Team worked with the French National Gendarmerie to take down Retadup, a piece of malware that was spreading a cryptocurrency miner across Latin America and that, on some occasions, also installed the Stop ransomware and the Arkei password stealer.

Machines infected with Retadup were, unbeknownst to their owners, mining cryptocurrency for the hackers. Mining is a compute-heavy task, which means the computers were most likely useless to their owners.

So far, in the first 45 days of the effort, the two organisations have taken down 850,000 unique infections and taken control of the malware's command-and-control server. The server has since been replaced with a disinfection server, which forces the remaining malware to self-destruct.

Most malware instances were found in Peru (almost 35 per cent of all infections), followed by Venezuela, Bolivia, Ecuador, Mexico, Colombia, Argentina and Cuba.

The gang behind the malware were mining XMR, or Monero – a privacy-oriented cryptocurrency. So far, they've managed to mine 53.72 XMR. Monero's current price is $69.93 per coin, which means they got a total of $3,756. Researchers believe this is just a fraction of the group's entire profits.