French internet police have neutralised a hacking operation that had taken control of more than 850,000 computers, mainly in Latin America, since 2016.
The agents went into action last spring after the Czech antivirus firm Avast alerted them to the software worm, called Retadup, that was being controlled by a server in the Paris region.
The C3N cybercrime unit at the French gendarmerie, which carried out the counterattack with help from the US Federal Bureau of Investigation, called it a "world first" in a statement late Tuesday.
"It's a huge operation," given the number of computers infected, said Gerome Billois, a cybersecurity expert at the French technology services firm Wavestone.
Police first made a copy of the server orchestrating the attack, which allowed them to hack into it and surreptitiously take control.
They then ordered all the infected computers to uninstall the Retadup malware, which police said was allowing the pirates to create the Monero cryptocurrency.
Retadup is also suspected of being used in several ransomware attacks and data thefts, the gendarmerie said.
"Don't click on links if you're not sure who sent you the email," Colonel Jean-Dominique Nollet, head of the C3N unit, told France Inter radio on Tuesday.
Up-to-date antivirus programmes
"Don't click on attachments either, and use up-to-date antivirus programmes, even free ones," Nollet said. "Try not to do anything stupid on the internet."
According to Avast, nearly 85 percent of the infected computers did not have antivirus programmes, while others had the programmes but they had been deactivated.