Cyber team busts global malware unit that hijacked 850K computers

By Nicholas Sakelaris
French authorities said the infiltration they performed had never been done before. File Photo by Jarmoluk/Pixabay/UPI

Aug. 28 (UPI) -- French authorities say they have dismantled an international cyberattack program they say was responsible for seizing control of 850,000 computers.

The attacks aimed to infect other computers and secretly set up space to mine for cryptocurrencies on various servers, a malware intrusion experts say is very lucrative for hackers.

French authorities carried out a clandestine operation to disrupt the program. Officials said the malware was developed this year when anti-virus firm Avast discovered a weakness.

The National Gendarmerie said it worked with the FBI to gain control of the malware server, which was physically located in northern France. The C3N cybercrime unit of the Gendarmerie took control of the server in July and replaced it with one that directed the malware to self-destruct -- something the unit said has never been done before.

"In the very first second of its activity, several thousand bots connected to it in order to fetch commands from the server," researchers wrote on Decoded-Avast Wednesday. "The disinfection server responded to them and disinfected them, abusing the C&C protocol design flaw."

Authorities will keep the disinfection server online in case vulnerable computers haven't connected to the Internet in a while.

"Since it was the C&C server's responsibility to give mining jobs to the bots, none of the bots received any new mining jobs to execute after this takedown," researchers said. "This meant they could no longer drain the computing power of their victims and that the malware authors no longer received any monetary gain from mining."
