It has been a while since Monero malware made headlines. Recent research by Avast shows this industry is far from dead. The Retadup worm is currently infecting thousands of Windows machines in Latin America. Once a device is infected, the malware will begin mining the Monero cryptocurrency and attempt to avoid detection.
The Retadup Threat is Very Real
Security researchers are always on the lookout for new potential threats. Criminals continue to show an affinity for malware, ransomware, and every other type of software which can cause significant harm. This has become apparent as far as the Retadup worm is concerned. It is a very real threat which, despite not getting much attention from the media, managed to infect tens of thousands of computers in Latin America.
Avast researchers discovered this particular worm across Latin America. It is a nasty piece of software which aims to remain on victims’ computers as long as possible. Not only will it further distribute itself, but it will also install a load of additional “modules”. These can range from malware to ransomware and anything in between.
In most cases, Retadup seemingly installs a cryptocurrency mining tool. That tool focuses on mining Monero. This is one of the few cryptocurrencies which can be mined with regular computer hardware in a somewhat efficient manner. The first detections of Retadup were cataloged in March of 2019. Fast forward to today, and its presence has become more prevalent than ever before.
Interestingly enough, the early detections of Retadup were easy to remove from victims’ computers without any loss of data. The command and control server was taken over by Avast, which seemingly put an end to this threat once and for all. Following thorough research, it became apparent this worm could affect all versions of Windows. Most of the victims were still running Windows 7, a version which has been deemed outdated for quite some time now.
While it seems this threat has been officially nipped in the bud, it remains to be seen if other “variants” of Retadup will make their presence known. Since this malware was so successful, it is not unlikely that other versions of it still exist. Moreover, there is a chance the original developers have experimented with this worm behind the scenes. It is even possible they followed the Avast investigation with much attention, as it provides a lot of information on how to improve this malware.
For the Monero community, this news isn’t great either. The anonymity-oriented altcoin continues to be associated with online criminal activity. In fact, it seems Monero is usually mentioned in the same breath as malware. Bitcoin, on the other hand, is the preferred currency for ransomware payments. Both of these associations are damaging to the reputation of all cryptocurrencies.