In Peru, 35,000 hacked computers mine Monero (XMR)






Another botnet is wreaking havoc: VictoryGate has turned more than 35,000 computers in Latin America into zombie Monero (XMR) miners. Hackers are never short of ideas for mining a few cryptos at the expense of their innocent victims.

Code Name: VictoryGate


According to cybersecurity company ESET, more than 35,000 computers, mainly in Peru, have been infected by the botnet "VictoryGate" since June 2019.

Most of the victims were in the public sector or in financial institutions. The malware mainly mines Monero (XMR), as if it were not enough that Taylor Swift could make us lose them, and commands can be sent to the nodes to download and execute new secondary payloads.

The hackers' earnings are estimated at at least 80 XMR (approximately 6,000 USD), with an average hash rate of 150 H/s.

The botnet spreads via removable devices, such as USB sticks. “The victim receives a USB key which, at one point, was connected to an infected machine. It apparently has all of the files with the same names and icons it contained before it got infected. For this reason, the content will be almost identical at first glance. However, all of the original files have been replaced with a copy of the malware,” said ESET researcher Alan Warburton.


A cure for this virus



VictoryGate only uses subdomains registered with the dynamic DNS provider No-IP.

With the help of No-IP, as well as the non-profit Shadowserver Foundation, ESET was able to take down part of the botnet's command and control (C&C) servers at the beginning of May 2020.

The company has also set up monitoring. ESET warns users, however, that new infections may still occur in the future, especially on computers that are not part of the ESET Sinkhole project.

To date, ESET has discovered three variants in addition to the initial module.
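Because VictoryGate only uses No-IP subdomains, a defender can hunt resolver logs for clients that look up names under that provider's domains. The sketch below is an added example, not ESET's tooling: the log layout, the sample lines and the hostnames are constructed, and the suffix list is a partial set of No-IP domains to be extended from the provider's current list.

```python
import re
from collections import defaultdict

# Partial list of domains No-IP offers for dynamic DNS hostnames (assumption:
# extend it from the provider's current list before relying on it).
NOIP_SUFFIXES = {"ddns.net", "hopto.org", "zapto.org", "sytes.net", "no-ip.org", "no-ip.biz"}

# Constructed sample lines in a hypothetical "time client query type" layout.
SAMPLE_LOG = """\
2020-05-04T09:12:01Z 10.0.4.17 updates.example.com. A
2020-05-04T09:12:05Z 10.0.4.17 sample-a.ddns.net. A
2020-05-04T09:13:44Z 10.0.4.22 SAMPLE-B.Hopto.Org A
2020-05-04T09:14:02Z 10.0.4.17 sample-a.ddns.net. A
2020-05-04T09:15:30Z 10.0.4.31 notddns.net A
2020-05-04T09:16:10Z 10.0.4.31 ddns.net.example.org A
malformed line
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def noip_suffix(qname):
    """Return the No-IP suffix a queried name sits under, or None."""
    labels = qname.rstrip(".").lower().split(".")
    # Compare whole labels so "notddns.net" and "ddns.net.example.org" do not match.
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in NOIP_SUFFIXES:
            return candidate
    return None

def hunt(log_text):
    """Map client IP -> {queried name: count} for names under a No-IP suffix."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        _, client, qname, _ = m.groups()
        if noip_suffix(qname):
            hits[client][qname.rstrip(".").lower()] += 1
    return {c: dict(q) for c, q in hits.items()}

if __name__ == "__main__":
    for client, names in sorted(hunt(SAMPLE_LOG).items()):
        print(client, names)
```

Dynamic DNS lookups are not malicious in themselves, so hits are triage leads: a workstation that repeatedly resolves the same such hostname with no business reason is the one to examine first.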
