Incidents in which other people's computers are hijacked for cryptocurrency mining have become so common that cryptojacking is now an established part of the cybercrime economy. Operators assemble crypto-mining botnets so that the victims' hardware and electricity do the mining while the operators keep the coins.
But it's not every day that you get to see a massive crypto-mining botnet taken down. Recently, Avast uncovered a crypto-mining operation that had taken over about 850,000 computers. The Retadup malware was hijacking machines in different parts of the world: since it first appeared, it has spread to the U.S., Russia, and Central and South America, with the bulk of the infections in Latin America.
Retadup infects a computer and puts its processor to work mining cryptocurrency (mainly Monero) for the operators. The malware is a worm, meaning it can spread from one computer to another on its own, and its operators have also used the infected machines to deliver other money-making payloads, including information-stealing spyware and ransomware.
Avast got involved when its researchers discovered a flaw in the malware's command-and-control (C&C) protocol. The flaw was of a kind that, if properly exploited, would let whoever controlled the C&C server make the malware remove itself from the victims' computers, without pushing any new code to them. Avast also found that most of the malware's infrastructure was hosted in France, so it contacted the French police.
Once prosecutors authorized the operation, the French National Gendarmerie took command and moved to disinfect the infected computers, dismantling what was one of the largest networks of hijacked machines in the world.
Investigators obtained a snapshot of the malware's C&C server through its web host, and they worked carefully on it to avoid tipping off the malware operators, who could have retaliated against the victims.
Using that snapshot of the C&C server, the investigators built a disinfection server that replicated the malicious server's protocol and swapped it in for the original. When infected machines checked in, the replacement server answered with a response that, thanks to the protocol flaw, caused the Retadup instance on each machine to self-destruct. The malware was removed without running any additional code on the victims' computers.
The operation removed Retadup from 850,000 computers and shut down a scheme that had earned its operators several million euros' worth of cryptocurrency.
Shutting down malware hosted in another country is a rare achievement, and the path to it is a hard one: it takes a flaw in the attackers' own infrastructure, legal authorization, and careful coordination between researchers and law enforcement.