The VictoryGate botnet was spread through infected USB devices.
Companies in the Peruvian financial sector stand out among the victims.
A malicious network, the VictoryGate botnet, attacked at least 35,000 computers, mainly in Latin America, to mine Monero (XMR). More than 90% of the affected machines are in Peru. This is the finding of an investigation by the computer security company ESET, the creator of the NOD32 antivirus.
That percentage means that more than 31,000 of the affected computers were in this South American country. Public and private organizations, including companies in the Peruvian financial sector, stand out among the victims.
The attack consisted of hijacking the resources of the affected computers to mine the privacy-oriented cryptocurrency. However, the researchers found that this functionality “could change at any time” due to the properties of the network.
According to the investigation, victims have accidentally downloaded malware through file hosting sites on the Internet. Then it was spread by infected USB devices.
The report states that after the botnet was found, the research team reported its existence to the dynamic DNS service provider No-IP, a company that hosted subdomains used by VictoryGate. This company, the report says, removed these domains, which limited the attacker’s control.
In addition, the investigation led to the collection of data that will be passed on to the Shadowserver Foundation. This data is used to alert the local authorities and network operators involved about the finding.
Regarding the risks of this attack, the report describes that infected computers suffer from high resource consumption. Usage ranges between 90% and 99% of the resources of the affected PC. This excess can not only slow down the device but also damage it.
On how the infection operates, the report emphasizes that the files on the infected USB stick are “hidden in a folder with system attributes in the root directory of the removable disk”. These files can disguise themselves by pretending to be legitimate Windows operating system files.
If the user unknowingly executes the output module hidden on the USB storage device, this module creates a copy of itself in the file system of the compromised computer, the ESET document adds.
The malicious code is then injected into legitimate operating system processes in order to install the XMRig miner, which is used to mine XMR on the victim’s computer.
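The hiding place quoted above (a folder with system attributes in the root of the removable disk) can be checked for directly. The following is an added example, not code from ESET or from the original article: it flags root-level folders that carry both the Hidden and System attributes, skipping the two folders Windows creates that way itself. The sample listing and the folder name `_cache` are constructed for illustration.

```python
import os
import stat

# Root-level folders that Windows itself creates with Hidden+System attributes.
KNOWN_SYSTEM_DIRS = {"system volume information", "$recycle.bin"}
HIDDEN_SYSTEM = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM


def suspicious_root_dirs(entries):
    """entries: iterable of (name, attribute_bits) for items in a drive root.

    Returns the names of directories that have both Hidden and System set
    and are not on the allowlist above.
    """
    flagged = []
    for name, attrs in entries:
        is_dir = bool(attrs & stat.FILE_ATTRIBUTE_DIRECTORY)
        hidden_system = (attrs & HIDDEN_SYSTEM) == HIDDEN_SYSTEM
        if is_dir and hidden_system and name.lower() not in KNOWN_SYSTEM_DIRS:
            flagged.append(name)
    return sorted(flagged)


def read_root(drive_root):
    """Collect (name, attributes) for a drive root such as 'E:\\'. Windows only."""
    return [(e.name, e.stat(follow_symlinks=False).st_file_attributes)
            for e in os.scandir(drive_root)]


# Constructed listing of a USB drive root (not real data).
D = stat.FILE_ATTRIBUTE_DIRECTORY
H = stat.FILE_ATTRIBUTE_HIDDEN
S = stat.FILE_ATTRIBUTE_SYSTEM
SAMPLE_ROOT = [
    ("Photos", D),                            # ordinary folder
    ("System Volume Information", D | H | S),  # created by Windows, allowlisted
    ("report.docx", stat.FILE_ATTRIBUTE_ARCHIVE),
    ("_cache", D | H | S),                     # hypothetical name, should be flagged
    ("notes", D | H),                          # hidden only, not flagged
    ("Thumbs.db", H | S),                      # a file, not a folder
]

if __name__ == "__main__":
    print(suspicious_root_dirs(SAMPLE_ROOT))
```

On a Windows host, `suspicious_root_dirs(read_root("E:\\"))` runs the same check against a mounted drive; a hit is a reason to inspect the folder's contents, not proof of infection.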
Using infected computer resources to mine cryptocurrencies is relatively common in computer attacks. So much so that it recently became known that thousands of Microsoft servers have been infected with another botnet that has been mining Monero since 2018, as reported by CryptoNews in early April.