Avast And French Cops Save 850,000 PCs From Retadup Crypto Malware


Avast, working with the French National Gendarmerie, has taken down the Retadup crypto-mining worm and disinfected more than 850,000 computers, the antivirus maker announced in a blog post.


Security researchers at Avast discovered a design flaw in Retadup's communications protocol that allowed the team to remove the malware from infected computers. They replaced the crypto-mining worm's C&C (command-and-control) server with a disinfection server that caused the connected malware instances to self-destruct.

Since Retadup's C&C infrastructure was located in France, the Avast team contacted the French authorities to take the botnet down. The researchers also contacted the FBI because some parts of the C&C infrastructure were located in the U.S.


The team noted that the vast majority of infected computers were located in Latin America. 35% of Retadup hosts were found in Peru, and the remaining 85% of infected systems were located in Venezuela, Bolivia, Ecuador, Mexico, Colombia, Argentina, and Cuba.


The researchers also point out that the botnet mainly targeted computers with either two or four cores running Windows 7. In addition, 85% of victims did not have any third-party antivirus solution installed on their computer.


Retadup goes unnoticed?


Avast security experts had been closely monitoring Retadup's activity since March 2019. However, the worm first came to attention in 2017, when TrendMicro published a series of articles on the malware. “The worm never got the attention it warranted from the security community,” writes Jan Vojtěšek ..
