Avast and French authorities have now dismantled the nasty Retadup botnet. 

by Cyber360 News
November 11, 2019
in Malware

With the advent of cryptocurrencies, we have seen a gold rush surrounding them, particularly because of the opportunities Bitcoin once presented. This has also led black hats to exploit the ecosystem by illegally mining certain cryptocurrencies, since mined coins translate directly into cash. One such incident recently surfaced.

Since March, the cyber security firm Avast had been investigating a dangerous botnet called Retadup, which was being used to mine the Monero cryptocurrency as well as to deliver the STOP ransomware and the Arkei password stealer. Until recently, however, it had not found any major breakthrough.

This changed when the firm detected a design flaw in the malware’s Command & Control (C&C) protocol that would allow it to remove the malware from infected computers without having to modify the malware’s own code. There was a problem, however: the C&C server was hosted with a service based in France, and Avast could not take it over on its own.

Hence, the researchers alerted the Cybercrime Fighting Centre (C3N) of the French National Gendarmerie with a plan to disinfect the victims of the malware. The French investigators presented the case to a prosecutor, while Avast built a tracker program that would alert them whenever the authors created a new variant of the malware or began distributing new malware altogether.

Moreover, the proposed takedown plan was tested locally to identify any risks associated with it. As described by the researchers themselves:

“The Gendarmerie also obtained a snapshot of the C&C server’s disk from its hosting provider and shared parts of it with us so we could start to reverse engineer the contents of the C&C server. For obvious privacy reasons, we were only given access to parts of the C&C server that did not contain any private information about Retadup’s victims. Note that we had to take utmost care not to be discovered by the malware authors (while snapshotting the C&C server and while developing the tracker),” Avast said in a blog post.

“Up to this point, the malware authors were mostly distributing cryptocurrency miners, making for a very good passive income. But if they realized that we were about to take down Retadup in its entirety, they might’ve pushed ransomware to hundreds of thousands of computers while trying to milk their malware for some last profits.”

The results of infiltrating the server were as ironic as they get, at least in the cyber-security community: the malware’s own C&C server was found to be infected with another piece of malware, the Neshta file infector. One can hardly blame the hackers, since they would naturally not want anti-malware software running on their own server.

The prosecutors then allowed the French National Gendarmerie to proceed with the plan, and the execution stage began. A disinfection server replaced the malicious C&C server, and over 850,000 bots that connected to it to fetch instructions were disinfected as a result.

Image: Meet the malware that was infected by malware, Retadup. Reported by Avast from the data gathered.

Nonetheless, hoping that the botnet was restricted to France would be wishful thinking. It had spread through Latin America, Russia, and the USA, and some parts of the C&C infrastructure were found in the latter; the FBI was informed, and those parts were subsequently taken down as well.

The disinfection server will be kept online for a few more months so that the remaining segment of infected users can connect to it. They have not done so yet because they have either been offline or have had connectivity problems, as reported by the head of the National Criminal Intelligence Service at the French National Gendarmerie.

The takeaway from this episode is that users, regardless of their level of expertise, need to install security software that protects their computer systems. By doing so, you not only avoid wasting your computer’s processing power earning cash for someone else, as seen above, but can also be at ease knowing your data is secure.

This reminder is all the more essential given the discovery that over 85% of the victims had no anti-virus installed, which means that the absence of a single program resulted in their compromise.

This is not the first time in recent years that authorities have taken down a sophisticated botnet in a snap. Previously, Kelihos, Andromeda, VPNFilter, Mirai, and WireX were among several nasty botnets seized and dismantled by authorities and cyber security giants.

If you are online, you are under threat. To avoid becoming a victim of such botnets, make sure your system or mobile device is up to date and is scanned regularly with reliable anti-virus software. Stay safe online!
