The French police have taken down a global malware network that infected over 850,000 systems, mostly based in Latin America. The hackers employed cryptojacking to use remote computers for mining cryptocurrencies. They also stole personal data from Israeli hospitals and conducted ransomware operations.
In this case, the cryptocurrency being mined was Monero and the botnet army responsible for the infection was based in the Paris region. The effort was a collaborative one that involved French authorities, the FBI, and malware research experts from anti-virus company Avast.
The Details of Cryptojacking
Cryptojacking is the use of malware that remotely installs software which uses the computer’s processor to mine cryptocurrency. Computers that have been infected consume more power and are prone to breaking down. The hackers sent emails containing erotic images or promising money to their victims. Once the recipient clicks on a link, he or she is sent to a site that downloads the malware, which then installs itself on the system. All proceeds from the illegal mining operations go to the person controlling the malware.
While the French police were able to determine how many machines were infected, the amount that was stolen is not known. Avast released a report detailing its role in the case. The company zeroed in on a system that had been in operation since 2016 as the main pirate server. It was responsible for propagating a virus called Retadup. A BBC report stated that French police, in coordination with the FBI, created a replica server and disabled the virus.
According to the head of France’s cybercrime unit, the combined processing power represents enough computing to shut down the global civilian World Wide Web. He said the replica server would continue running so that the virus could be deactivated in machines that had been offline.