Over 35K Computers Infected with Crypto-Mining Malware in Latin America

ESET, a renowned cybersecurity firm, has confirmed that more than 35,000 computers were infected across the globe. This has been the case since June of 2019, according to ESET. The attackers in question have targeted Windows computers, with more than 90% of these computers having been detected within the country of Peru.

Infection Primarily Through Removable Devices

The Hacker News, an aptly named hacking news outlet, stated that the “Victory Gate” crypto-malware botnet has spread across Latin America. According to the news outlet, it’s been spreading there ever since 2019’s early days. Since May of 2019, however, the malware had spread across more than 35,000 Windows computers, infecting them all with a crypto mining botnet. As to be expected, the most common coin mined through this malware network is the Monero (XMR) privacy-focused cryptocurrency.

According to the malware hack report, a majority of these victims get infected through removable devices. Examples of these would be USB drives that install a malicious payload within the victim’s system. Once this is installed, the botnet offers a variety of commands to the node in question.

Capable of Mining More Than Monero

The report stated that this botnet in question has been active since May of 2019, at least. Since its start, however, the report says that three variations of the original module have been identified. Furthermore, it revealed that there’s an approximate of 10 secondary payloads that get downloaded from various file hosting websites.

It should be noted, however, that the attackers are capable of issuing commands to the nodes to download and execute secondary payloads. What this means is other forms of cryptocurrencies could also be mined in the process, according to the report. Luckily, ESET had managed to identify these crypto-mining malware from the various computers it’s listed, removing a portion from it earlier this month.

$6000 In Illegal Profits

The ESET team observed and subsequently confirmed that approximate 2000-3000 computers were actively mining XMR in the background on a daily average. What this totaled into is an estimated $6,000 in XMR tokens mined from this botnet.

ESET explained that this assumes an average hash rate of about 150H/s, which would lead the creators of this botnet with an approximate minimum of 80 Monero from the botnet alone.

While ESET had made efforts to remove these botnets from the infected computers, the firm warns that new infections could occur just as quickly. Users have been advised to stay vigilant against Victory Gate, as re-infection is possible for computers that weren’t within the “Sink holing” project of ESET.