- The malware, dubbed “Retadup,” originated from Paris.
- Retadup was first recorded by Czech antivirus firm Avast last spring.
The French police cybercrime unit has recently discovered and neutralized a virus, dubbed “Retadup,” that secretly infected over 850,000 devices worldwide. It was used to mine Monero (XMR), a cryptocurrency that focuses on privacy and anonymity. The malware originated from Paris. The most recent attack used the processing power of a large number of Windows computers in more than 100 countries to produce coins for the perpetrators.
In an interview with France Inter radio, C3N chief Jean-Dominique Nollet said:
“We managed to track down where the command server was, the control tower for the ‘botnet’ network of infected computers.”
The French “cybergendarmes,” along with the US Federal Bureau of Investigation, executed a counterattack soon after they received an alert. They succeeded in disinfecting computers all over the world, mainly in Central and South America. Retadup was first recorded by Czech antivirus firm Avast last spring, which alerted the French authorities to the software. The worm opens a backdoor on infected machines, letting the attackers run commands remotely. Avast reported that Retadup runs almost without a trace, the only noticeable difference for the end user being reduced hardware performance.
France’s C3N digital crime-fighting center believes that the operators behind the botnet might have made millions of euros since they started operations. Instances like this have arisen over the last two years, leading commentators to warn of a possible epidemic.