August 29, 2019 – Authorities in France shut down a botnet that had infected thousands of computers worldwide and used them for cryptojacking, mining the cryptocurrency Monero.
A tip-off led the authorities to the location of the pirate servers in Paris, France.
Cryptojacking is a type of cyberattack in which cryptomining software is secretly installed on the user’s computer. The software mines the cryptocurrency Monero using the remote computer’s power and, by extension, the user’s electricity.
As reported by the BBC and picked up by Coindesk and Cointelegraph, the server had been operating since 2016. It used the Retadup virus, which was sent to thousands of Windows computers, mainly in countries in Central and South America. As per the BBC report: “Hackers had then been able to use the virus to control the computers remotely without owners realising, to create the cryptocurrency Monero, extort money through ‘ransomware’ and even steal data from hospitals in Israel as well as Israeli patients.”
How it was dismantled is pretty interesting. After tracking down the command center, the French police’s digital crime-fighting group created a replica server “that rendered the virus inactive on the infected computers. Viruses are usually redirected to dead areas of the internet rather than being disabled.” The replica server will continue to run so that infected computers that are currently offline will be disinfected when they come back online.
Earlier this month, we reported on the cryptomalware named “Norman”, which mines Monero while hiding from the task manager. There is also malware that, along with mining Monero, steals user data. According to cybersecurity company Carbon Black, “This discovery indicates a bigger trend of commodity malware evolving to mask a darker purpose and will force a change in the way cybersecurity professionals classify, investigate and protect themselves from threats.”
This article was first published on BitPinas: Authorities Shut Down Crypto-Jacking Computer Network