Retadup Botnet Defeated by Design Flaw (Aug 28, 2019)

More than 850,000 unique infections of the Retadup cryptojacking botnet have been neutralized after its Command and Control (C2) server was taken down in Paris, France. Dismantling the Retadup infrastructure was possible because researchers at Avast found a design flaw in the botnet's C2 communication protocol. The Cybercrime Fighting Center (C3N) of the French National Gendarmerie replaced the malicious C2 server with a version that instructed connecting Retadup instances to self-destruct. The botnet was used primarily to mine Monero on infected machines, and according to C3N officials its operators have earned an estimated "several million" euros per year since 2016.

Recommendation: Retadup mined cryptocurrency on victims' hardware rather than stealing it, so wallet hygiene does not stop this particular threat, but it does protect the funds themselves. A hardware wallet keeps the owner's private keys on a dedicated device, so malware on the general-purpose host cannot read them; the device still has to come from a trusted source, and each transaction should be verified on its own screen. Cold storage goes one step further: keys are generated and kept on a clean, air-gapped computer, which removes them from online threats at the cost of convenience. Against cryptojacking itself, the practical controls are keeping endpoint protection current, restricting execution of unsigned scripts and binaries, and monitoring for sustained abnormal CPU use and for outbound connections to mining pools.
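One way to do the last of those checks is to look for the Stratum JSON-RPC dialect that XMRig-family Monero miners use to talk to their pools. The following is an added illustration written for this briefing, not code from the investigation or from any vendor: it assumes a sensor that hands over the first client-to-server payload of each new flow, and the sample records (hosts, pool addresses, wallet string) are constructed.

```python
"""Flag Stratum-style mining traffic in captured application-layer payloads.

Added example for this briefing; the SAMPLE records below are constructed and
the pool addresses/wallet string are placeholders, not real indicators.
"""
import json
from dataclasses import dataclass
from typing import Optional

# JSON-RPC methods used by the Stratum mining protocol. "login"/"submit"/
# "getjob"/"keepalived" are the Monero (XMRig) variant; the "mining.*"
# methods are the Bitcoin-style variant spoken by many other miners.
STRATUM_METHODS = {
    "login", "submit", "getjob", "keepalived",
    "mining.subscribe", "mining.authorize", "mining.submit",
}


@dataclass
class Hit:
    src: str
    dst: str
    method: str
    wallet: Optional[str]  # payout address the miner authenticates with, if visible


def parse_stratum(payload: str):
    """Return (method, wallet) if payload looks like a Stratum request, else None."""
    try:
        msg = json.loads(payload)
    except ValueError:
        return None  # not JSON at all (HTTP, TLS, binary...)
    if not isinstance(msg, dict):
        return None
    method = msg.get("method")
    if method not in STRATUM_METHODS:
        return None
    params = msg.get("params")
    wallet = None
    if isinstance(params, dict):
        # XMRig login: {"login": "<wallet>", "pass": "x", "agent": "XMRig/..."}
        wallet = params.get("login")
    elif isinstance(params, list) and params and method == "mining.authorize":
        # Bitcoin-style authorize: ["<worker or wallet>", "<password>"]
        wallet = params[0]
    return method, wallet


def find_mining(records):
    """records: iterable of dicts with 'src', 'dst' and 'payload' keys."""
    hits = []
    for rec in records:
        parsed = parse_stratum(rec["payload"])
        if parsed is not None:
            hits.append(Hit(rec["src"], rec["dst"], parsed[0], parsed[1]))
    return hits


# Constructed sample flows: an XMRig-style login, a Bitcoin-style subscribe,
# and a benign HTTP request that must not be flagged.
SAMPLE = [
    {"src": "10.0.0.12", "dst": "203.0.113.5:3333",
     "payload": '{"id":1,"jsonrpc":"2.0","method":"login",'
                '"params":{"login":"4XmrWalletPlaceholder","pass":"x","agent":"XMRig/2.14"}}'},
    {"src": "10.0.0.13", "dst": "198.51.100.9:3333",
     "payload": '{"id":1,"method":"mining.subscribe","params":["cpuminer/2.5"]}'},
    {"src": "10.0.0.14", "dst": "192.0.2.8:80",
     "payload": "GET / HTTP/1.1\r\nHost: example.org\r\n"},
]

if __name__ == "__main__":
    for hit in find_mining(SAMPLE):
        print(f"{hit.src} -> {hit.dst}: {hit.method} wallet={hit.wallet}")
```

The wallet string is worth recording alongside the hit: every infected host in one campaign mines to the same payout address, so it ties alerts together and is a useful pivot when searching other telemetry. Note that miners using TLS or a custom proxy will not expose this plaintext, so the check complements, rather than replaces, CPU-usage monitoring on the endpoint.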

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.