Facebook Takes Out Litecoin Mining Greek Botnet Beast

Arrests are made in the Lecpetex botnet investigation

Social networking behemoth Facebook has helped take down a botnet that largely affected Greek people, with as many as 250,000 infected.

Two suspects have been arrested by the Greek police in the investigation into the Lecpetex botnet, which was set up primarily to mine the virtual currency Litecoin, and spread over social networks.

Facebook worked with partners to take down the infrastructure back in April, but is only just now talking about the operation, after the arrests.

Facebook vs. botnet

ENISA botnet reportThe Lecpetex malware, once installed on victims’ PCs, was used to promote social spam and hit as many as 50,000 Facebook accounts at its peak. Outside of Greece, there were notable numbers of infected machines in Poland, Norway, India, Portugal, and the US.

Users were initially infected when tricked into running malicious Java applications and scripts. That then installed the Litecoin miner, spy software called DarkComet RAT and a module that would pilfer social network cookies to hijack accounts and spread malicious links to contacts via private messages.

Between December and June, the attackers used their botnet to launch “20 distinctive waves” of spam across social websites, Facebook’s security team said in a blog post.

The malware authors were said to have been working on a Bitcoin “mixing” service, which would have made it more difficult to track their illicit funds, effectively laundering them through hard-to-trace Bitcoin transactions.

“Lecpetex was a particularly persistent malware family. We hope this example will illustrate that cooperation can be helpful and productive in shutting down botnets, particularly when criminals abuse multiple online platforms to achieve their aims,” Facebook added.

Are you a security expert? Try our quiz!