/French Cops Trick Monero Cryptomining Botnet to Self-Destruct on 850,000 Computers

French Cops Trick Monero Cryptomining Botnet to Self-Destruct on 850,000 Computers

The Retadup malware which had been deployed on hundreds of thousands of computers around the world to secretly mine the Monero cryptocurrency and commit other illegal acts may finally be over.

According to the BBC, the backend
infrastructure of the Retadup Monero cryptojacker which is estimated to have
infected over 850,000 computers across the globe has been destroyed by the
Cybercrime Fighting Center (C3N) of the French police service.

Retadup Monero
cryptojacker tricked into self-deleting

The ‘cybergendarmes’ annihilated the network of computers
that were infected with the Monero cryptojacker after being tipped off about
the botnet’s location by Avast cybersecurity software firm. Retadup’s backend infrastructure
was located in the Paris region.

After accessing Retadup’s backend infrastructure, Avast and
C3N instructed the worm to self-delete on all the infected computers that were

While the malware was globally prevalent, most of the infected computers were located in Central and Latin America. The hardest-hit country was Peru followed by Venezuela, according to Avast.

Besides France, Retadup also possessed some backend infrastructure
in the United States. Other than mining the Monero cryptocurrency secretly on the
infected computers, Retadup also to a lower extent stole passwords and planted

How much XMR has the
cryptojacking malware earned?

According to the C3N commander, Colonel Jean-Dominique
Nollet, the Retadup worm managed to mine Monero worth “several million euros a
year” as Europe1

Some of the seized servers belonging to Retadup had also
been mining Monero. While they were found to have only mined around 53.72
Monero coins worth around $4,230 at current
, this is believed to only be a tiny fraction of what the entire
network generated.

Seized servers showed only a tiny fraction of Monero mined | Source: Avast

According to Avast, the Monero cryptojacker had a preference for computers with multiple cores due to the higher computing power. Virtually all the infected computers were running Windows operating system. Over 50 percent of the computers infected with the Monero cryptojacker were running Windows 7 OS.

Original Source