World’s ‘Longest-Running’ Andromeda Botnet Finally Shut Down

In a coordinated international cyber operation, Europol and partner law enforcement agencies have taken down Andromeda, one of the longest-running malware families in existence.

Andromeda, also known as Win32/Gamarue, is a notorious HTTP-based modular botnet that has been active for several years and has been infecting computers throughout that time.

The takedown took place last Wednesday, November 29, 2017. Law enforcement organizations that participated in the takedown include the Federal Bureau of Investigation (FBI), the Lüneburg Central Criminal Investigation Inspectorate in Germany, Europol’s European Cybercrime Centre (EC3), the Joint Cybercrime Action Task Force (J-CAT), and Eurojust.

The primary purpose of the Andromeda bot is to distribute other malware families, making it a delivery platform for mass global malware attacks.

The botnet has been associated with at least 80 malware families, and in the last six months it was detected or blocked on an average of more than 1 million machines per month.

Last year, in a similarly massive international cyber operation, law enforcement agencies took down the criminal infrastructure of the infamous Avalanche botnet. Avalanche was used as a delivery platform to spread other malware families, including Andromeda.

During the Avalanche investigation, information obtained by the German authorities was shared with the Federal Bureau of Investigation (FBI) via Europol, which eventually helped the international agencies dismantle Andromeda.

In the joint operation, the international partners seized servers and more than 1,500 web domains that were being used to distribute and control the Andromeda malware.

“This is another example of international law enforcement working together with industry partners to tackle the most significant cybercriminals and the dedicated infrastructure they use to distribute malware on a global scale,” Steven Wilson, the Head of Europol’s European Cybercrime Centre (EC3), said.

“The clear message is that public-private partnerships can impact these criminals and make the internet safer for all of us.”

By sinkholing the now-seized domains, a tactic in which researchers redirect traffic from infected machines to a system they control, authorities observed more than 2 million unique IP addresses from 223 countries associated with Andromeda victims within just 48 hours.
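To make the sinkholing figure concrete, here is an added example (not code from the original article or from Europol) that aggregates the kind of telemetry a sinkhole produces. It assumes a simple HTTP sinkhole that logs one line per inbound request as `timestamp client-IP Host-header path`; the log lines, the 48-hour window start and the `.invalid` domain names are all constructed for illustration and are not real Andromeda command-and-control domains.

```python
"""Sinkhole telemetry aggregation: count unique victim IPs over a 48-hour window.

Added example, not part of the original article. Assumed log format (one
request per line): <ISO-8601 UTC timestamp> <client IP> <Host header> <path>.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample log (hypothetical domains and RFC 5737 documentation IPs).
SAMPLE_LOG = """\
2017-11-29T10:00:01Z 198.51.100.7 c2-example-1.invalid /image.php
2017-11-29T10:00:02Z 203.0.113.45 c2-example-1.invalid /image.php
2017-11-29T10:00:09Z 198.51.100.7 c2-example-1.invalid /image.php
2017-11-29T10:15:30Z 192.0.2.200 c2-example-2.invalid /in.php
2017-11-29T11:02:11Z 203.0.113.45 C2-EXAMPLE-2.invalid /in.php
2017-11-29T11:30:00Z 10.0.0.5 c2-example-1.invalid /image.php
2017-11-29T11:45:00Z 198.51.100.99 unrelated.invalid /
this line is garbage and must not crash the parser
2017-11-30T09:59:59Z 192.0.2.201 c2-example-2.invalid /in.php
2017-12-01T10:00:00Z 192.0.2.202 c2-example-1.invalid /image.php
"""

# Domains pointed at the sinkhole (hypothetical).
SINKHOLED_DOMAINS = {"c2-example-1.invalid", "c2-example-2.invalid"}

# Start of the 48-hour observation window (constructed).
WINDOW_START = datetime(2017, 11, 29, 10, 0, 0)

# Addresses that cannot be internet victims: RFC 1918 ranges and loopback.
# Checked explicitly rather than via ip.is_global, because Python's ipaddress
# also treats the RFC 5737 documentation ranges used in the sample as non-global.
NON_VICTIM_NETS = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_line(line):
    """Return (timestamp, ip, host, path) for a well-formed line, else None."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts_str, ip_str, host, path = parts
    try:
        ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return None
    return ts, ip, host.lower(), path


def unique_victims(log_text, domains, start, window=timedelta(hours=48)):
    """Count unique client IPs that contacted a sinkholed domain in [start, start+window).

    Returns (total_unique_ips, {domain: unique_ips_for_that_domain}).
    Repeated check-ins from one IP are counted once; private/loopback sources
    (lab hosts, misconfigured forwarders) are dropped.
    """
    end = start + window
    seen = set()
    per_domain = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ip, host, _path = rec
        if host not in domains or not (start <= ts < end):
            continue
        if any(ip in net for net in NON_VICTIM_NETS):
            continue
        seen.add(ip)
        per_domain[host].add(ip)
    return len(seen), {h: len(ips) for h, ips in per_domain.items()}


def report():
    """Run the aggregation over the constructed sample."""
    return unique_victims(SAMPLE_LOG, SINKHOLED_DOMAINS, WINDOW_START)


if __name__ == "__main__":
    total, per_domain = report()
    print(f"unique victim IPs in 48h: {total}")
    for host, count in sorted(per_domain.items()):
        print(f"  {host}: {count}")
```

A unique-IP count like the 2 million reported above is a proxy, not a machine count: many infected hosts behind one NAT gateway collapse into a single IP, while one host whose ISP rotates its address over 48 hours shows up several times, so sinkhole operators usually report it alongside per-bot identifiers where the malware's check-in format exposes one.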

The investigation also led law enforcement authorities to arrest a suspect in Belarus who is alleged to have been involved in the Andromeda cybercrime gang.

Just last week, in its fight against the online trade of counterfeit goods, Europol seized more than 20,000 web domains that were being used on e-commerce platforms and social networks to illegally sell counterfeit products, including luxury goods, sportswear, electronics and pharmaceuticals, and for online piracy.


Credit: Thehackernews

Jai Prajapati

Jai Prajapati is a security analyst and author for Securityleaks, where he covers the latest happenings in the cybersecurity world, including malware, breaches, vulnerabilities, exploits, white papers, hacking news, the Dark Web, hacking tutorials and more.
