Two Years of Activity Helped Retadup Reach Over 800,000 Computers

The first traces of Retadup’s activity were spotted in 2017 when the Malware was found to exhibit worm-like behavior and spreading across vulnerable networks. The capabilities of the Retadup Malware are rather impressive – it boasts the ability to exfiltrate data and information from infected hosts, self-replicate, and plant a crypto-miner module that mines for the Monero crypto-currency.

The Monero wallets discovered on the seized servers contain just about $4,500, but the authorities believe that this is a small fraction of the money that the crime gang behind the Retadup malware made. Reportedly, the 850,000 active copies of the Retadup malware were commanded to initialize the self-deletion process so that the successful operation also has helped clean an infection from nearly a million computers.

Retadup’s Operators might Have Sold Access to Infected Machines

It is believed that the authors of the Retadup malware were experimenting with other monetization schemes – there are suspicions that they might have sold access to infected devices to other cybercriminals since copies of password collectors and ransomware were often brought alongside the Retadup malware.

Protecting your systems from threats like this one requires the use of a sophisticated anti-virus software suite, as well as remembering to double-check the credibility of all files you download from the Web.
[template:aliases][template:removal][template:technical_title][template:files][template:registry][template:additional]