The French Gendarmerie, and in particular its Cybercrime Fighting Center (C3N), has dismantled a Monero cryptojacking botnet.
The C3N has announced that it has completely neutralized a malware strain that was used to mine Monero (XMR) and that had infected more than 850,000 terminals.
The #gendarmerie dismantles one of the largest networks of hacked computers in the world! Working with the #FBI, the #cybergendarmes managed to remotely "disinfect" more than 850,000 computers. A #PremièreMondiale (world first)! 🇫🇷
— Gendarmerie nationale (@Gendarmerie) August 28, 2019
As stated, the malware was eliminated by the French cybersecurity service at the suggestion of the antivirus company Avast, which had been monitoring the RETADUP botnet.
To do so, the French Gendarmerie focused on taking control of the malware's C&C server, then exploited a design flaw in the malware's protocol to remove it from the victims' computers.
It was also found that 85% of the infected terminals were in Latin America, mainly in Peru, Venezuela, Bolivia, Mexico and Ecuador.
As mentioned, the malware exploited the victims' terminals to mine the Monero (XMR) cryptocurrency. 53.72 XMR were seized from the botnet servers, corresponding to just over $4,000.
While the success in this case was the result of law enforcement managing to eradicate the malware, the worldwide problem is not solved. Monero (XMR) is increasingly the preferred cryptocurrency for this type of attack, as it offers greater privacy than Bitcoin.
Moreover, more and more malware variants that mine Monero (XMR) are appearing, such as the more recent Norman or the attack associated with Access Mining.