French police have shut down a massive botnet that has been used for Monero (XMR) cryptojacking.
Cryptojacking backed by “massive firepower”
BBC News reported the development on Aug. 27. According to the police, the botnet was distributed by sending virus-laden emails with offers for erotic pictures or fast cash, and further propagated through infected USB drives. The virus, called Retadup, ultimately infected 850,000 computers in over 100 countries — thus creating a massive botnet.
The chief of C3N — the French police’s cybercrime unit — Jean-Dominique Nollet spoke on France Inter radio about the power of a botnet this size, saying:
“People may not realise it but 850,000 infected computers means massive firepower, enough to bring down all the (civilian) websites on the planet.”
Unknown hackers reportedly availed themselves of this large network to install a program to mine the security-focused cryptocurrency XMR without the users’ permission. Additionally, bad actors used the malicious network to extort money via ransomware, and also to steal data from Israeli hospitals and patients.
Additional details and aftermath
The French police were able to find the botnet’s server, which was located in Paris, and disinfect the hundreds of thousands of affected computers by redirecting the virus to a harmless destination on the internet, with the help of the United States Federal Bureau of Investigation (FBI).
However, the botnet operators have not been apprehended at the time of publication. They are reportedly believed to have made millions of dollars from illicit activities, which began back in 2016.
More XMR cryptojacking from France?
As previously reported by Cointelegraph, the cybersecurity company Varonis recently discovered an unusually stealthy XMR miner that turns itself off whenever a user launches Task Manager. The researchers believe that this XMR miner also originates from France or a French-speaking country. They based their hypothesis on the presence of French terms in the code, as well as French comments in the self-extracting archive file.