Monero-Mining Crypto Botnet ‘VictoryGate’ Affecting At Least 35,000 Computers Taken Down

The Slovak cybersecurity firm ESET has identified and taken down at least a part of a cryptocurrency-mining botnet dubbed VictoryGate. The previously undocumented botnet has been active for almost a year and had supposedly infected more than 35,000 computers.

Crypto-Mining Botnet Malicious Endeavors

In its recent press release, the Bratislava-headquartered internet security company announced working together with the nonprofit Shadowserver Foundation to discover and disrupt “at least a portion of the botnet operation.”

The research compiled by ESET estimated that the botnet functions since May 2019. Since then, it has infected over 35,000 devices, mostly in Peru. It targets organizations in both the private and public sectors, including financial institutions. Its primary activity is mining the privacy cryptocurrency – Monero.

VictoryGate spreading happens mostly via removable devices, explained Alan Warburton, ESET researcher who investigated the botnet:

“The victim receives a USB drive that, at some point, was connected to an infected machine. It seemingly has all the filed with the same names and icons that it contained before being infected. Because of this, the content will look almost identical at first glance. However, all original files were replaced by a copy of the malware. When an unsuspecting user attempts to open one of these files, the script will open both the file that was intended and the malicious payload.”

The impact on electronic devices caused by botnets could lead to overheating and possible damages. They require a high resource usage, “resulting in a constant 90% to 99% CPU load,” Warburton added.

Growing Sophistication And Fears

ESET’s research also concluded that VictoryGate had made much more effort to avert any detection. It poses a significantly higher risk than other similar campaigns observed in the Latin America region.

A recent study on the matter compiled from 3,000 IT professionals showcased that 86% of them consider this to be a rising security threat. It’s called a cryptojacking, and it occurs when an unauthorized individual or entity assumes control over a third-party device to mine cryptocurrencies.

Despite the rising concerns, however, 12% of the IT specialists were not aware if their organization can detect such data manipulation. Even more, 32% of people outside of the IT industry said that they wouldn’t know if an unauthorized party is accessing or modifying their device. Almost all of them were not certain if their anti-malware is up-to-date and if it can detect newly emerging cyberthreats.