UPDATED 21:00 EST / SEPTEMBER 01 2019

French ‘cybergendarmes’ take down huge cryptomining botnet

French police have managed to take down a botnet of more than 850,000 computers that were being used to mine the Monero cryptocurrency.

The operation, led by a team from France’s C3N digital crime-fighting center dubbed “cybergendarmes,” targeted the botnet after being tipped off earlier this year to its existence by antivirus firm Avast Software s.r.o., the BBC reported last week.

The botnet, which spanned the globe, used the Retadup worm to target Windows systems. First detected in 2017 when it attacked an Israeli hospital, Retadup propagates itself via phishing emails, and once it infects one personal computer, it can spread across a network. It has been used for various purposes, including cybercrime and cyberespionage, but by April 2018 was primarily being used to spread cryptomining malware.

French police came into the picture because, although the botnet operated globally, its command-and-control server resided in France, and that’s where the takedown story begins. The Avast researchers identified “a design flaw in the C&C protocol that would have allowed us to remove the malware from its victims’ computers had we taken over its C&C server,” the researchers explained.

The path to justice was not quick: French police were required to present their findings to a prosecutor to advance with a takedown of the botnet. That eventually happened in July.

Using the identified design flaw, the C&C server was taken over on July 2. From that point on, the police could send a command to every infected system that contacted the C&C server, instructing the malware to delete itself, a process that took 45 days through Aug. 19, involving more than 850,000 systems.

The identity of the person or group behind that botnet has not as yet been revealed by authorities. But an Israeli Twitter account dedicated to cybercrime updates claims to have traced the botnet to a Palestinian man based on details the hacker had left on social media.

The news of the botnet takedown prompted Monero, the cryptocurrency being mined by the botnet, to surge in price over the weekend. The price rise was less because the cryptocurrency was being mined than because of the botnet’s takedown, which restrained new supply.

Monero rose as much as 10.9% on Sunday before falling slightly, though it was up more than 6% as of 8:50 p.m. EDT. There’s little doubt that the news of the botnet takedown caused the price increase, since all other major cryptocurrencies remained flat by comparison over the weekend.
