VictoryGate is the name of a malware botnet that remained undocumented until recently while being active since May 2019. According to cybersecurity researchers at the Slovakia-based security firm ESET, the botnet is designed to mine for Monero cryptocurrency and is distributed through infected USB devices.
ESET researchers sinkholed several C&S domains to monitor the malicious activities of VictoryGate and were able to take down a portion of the malware botnet C&C servers with the help of No-IP, a dynamic DNS service provider.
See: Hackers sending malware-infected USBs with Best Buy Gift Cards
It is worth noting that VictoryGate’s subdomains were registered with No-IP, which immediately took them down.
Further probe revealed that so far VictoryGate has infected a minimum of 2,000 and up to 35,000 devices between February and March 2020. Almost 90% of the infected devices are located in Peru, Latin America.
Since 2019, at least three different variants of the botnet’s initial module (detected as MSIL/VictoryGate) have been discovered along with about 10 secondary payloads, which are downloaded from file-hosting sites.
As shown in the screenshot above, it is also identified that the botnet targets Windows systems. The victims include public and private sector organizations, mainly financial institutions. It works by installing a malicious payload into the device, which is distributed through removable USB drives.
“Despite our efforts, infected USB drives will continue to circulate and new infections will still occur,” ESET wrote in a
Support the originator by clicking the read the rest link below.
![[DiyOtaku] Gives Old Devices A New Life](upload/news/image_1714723213_17994018.png)
