Posted: August 28, 2019

Retadup Description

Retadup is a worm and Trojan botnet that can spread through shared drive space and compromise your PC with various attacks. Issues that malware researchers link to Retadup infections include unwanted encryption, cryptocurrency-mining, and loss of credentials. As a first response, users should have anti-malware products remove Retadup or confirm its uninstallation from the Trojan's contacting a legal authority-hijacked server.

Worms Dishing Out Anything That Pays

A Palestinian programmer's 'baby' worm from 2017 is becoming crippled by intervention from both the cyber-security industry and law enforcement in regions related to the threat's server ownership. Although Retadup's botnet is being shut down, one worm at a time, it remains a security risk for users who don't undertake suitable cleanup procedures. The revelation that this threat has taken over nearly a million PCs in Latin America, also, makes it clear that its simple distribution exploits are finding far more footholds than is kosher.

Retadup is a 'for hire' worm that delivers attacks that are variable between different campaigns, of which, malware analysts are including:

  • Retadup can drop members of the STOP Ransomware or the Djvu Ransomware family onto your PC. This Ransomware-as-a-Service will encrypt files, often, irreversibly, and block media like documents, pictures, and music.
  • Retadup may install Arkei. This spyware can collect files and credentials, such as passwords.
  • Retadup also runs a Monero-mining operation. Cryptocurrency-mining routines, if used irresponsibly, can damage your hardware or cause notable performance disruptions.

Retadup also earns its title as a worm, instead of just a botnet Trojan, by self-duplicating. It creates corrupted LNK files on shared drives as its installers. Fortunately, victims still have to launch it manually.

The Advantages of Trojans Pinging the Wrong Servers

This year's developments for Retadup are, however, more pleasant than revealing the previously-unexplored extent of Retadup's profits and botnet size. The Palestine-based threat actor no longer has control over the botnet due to a bug that the cyber-security industry exploited for hijacking servers. Currently, Retadup infections that contact one of these captured domains will receive instructions for uninstalling themselves. In theory, this should cause most PCs to self-disinfect automatically.

However, the above cure doesn't pertain to all of Retadup's potential payloads and doesn't affect offline systems. Users should remain cautious about potential losses of passwords, damage to CPUs and other hardware, and encryption stopping their digital media from opening. Best practices for login credential management, monitoring hardware resource usage, and secure, offsite backups are some of the precautions that malware experts can recommend for minimizing problems from Retadup's payloads.

Anti-malware services from the usual organizations also should delete Retadup automatically without requiring the Trojan's doing so, itself.

Although the takeover of Retadup's network is a considerable advancement, cyber-warfare continues, and Retadup's author could re-release the Trojan with appropriate updates. Residents of Peru and other, Latin American regions should ask themselves how they were put at risk, and tailor their future security practices appropriately.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Retadup may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.