Avast Stops Cybercriminal Group and Cleans 850,000 Windows PCs

Avast and French Police Dismantle Retadup Cybercriminal Group

Antivirus company Avast, in collaboration with the French National Gendarmerie, has put an end to the activities of the Retadup cybercriminal group. For two years, this group infected users’ computers, turning them into obedient bots. Even more impressively, Avast specialists managed to “heal” the affected computers. They achieved this by using the criminals’ own command and control (C&C) server to send a self-destruct command to the malware.

As a result, antivirus experts neutralized the malware on more than 850,000 Windows systems, and users didn’t have to do anything themselves.

How Avast Stopped the Malware

The Avast team began tracking the cybercriminal group’s infrastructure back in March. Through careful analysis, researchers discovered a vulnerability in the C&C server’s communication protocol. Exploited correctly, this flaw let them send a special command to the malware installed on victims’ computers, causing it to delete itself.

Since the criminals’ servers were located in France, Avast contacted local law enforcement and provided all the information needed for a counter-operation. By joining forces against the Retadup criminals, French authorities and the Avast team were able to quickly seize the server and clean the infected users’ computers.

You can find Avast’s report on the operation here.
