A report from cyber-security firm ESET confirms that over 35,000 computers have been infected with crypto-mining malware since June 2019. The attackers targeted Windows computers, with over 90% of the detected computers located in Peru, South America.
‘Monero (XMR) the most commonly mined crypto’
According to the security news outlet The Hacker News, the crypto-mining botnet malware, named “Victory Gate”, spread over Latin America in the early days of 2019. Since May 2019, the malware has spread to over 35,000 Windows computers, enrolling them in a crypto-mining botnet. Unsurprisingly, the coin most commonly mined on these computers is the privacy-focused Monero (XMR).
How do users get infected?
According to the report on the malware, most of the victims were infected via removable devices such as USB drives, which install a malicious payload on the system. Once the payload is installed, the botnet can issue different commands to the infected node. The report reads,
“It has been active since at least May 2019 and, since then, three different variants of the initial module have been identified, in addition to approximately 10 secondary payloads that are downloaded from file hosting websites.”
Other cryptocurrencies could also have been mined in the process, given that the attacker was able to issue commands to the nodes to download and execute new secondary payloads. Luckily, ESET was able to detect and remove a portion of the crypto-mining malware from these computers earlier this month.
Over 2000-3000 computers mined Monero
Observations by the ESET team confirm that close to 2000-3000 computers were mining XMR in the background daily on average. This totaled about $6,000 in XMR tokens mined from this botnet.
“If we estimate an average hash rate of 150H/s, we could say that the authors of this campaign have collected at least 80 Monero (approximately $6000) from this botnet alone.”
Despite the efforts ESET has made to remove the botnet from the computers, the cyber-security firm warns that new infections could still affect them. Users have been urged to stay vigilant, as Victory Gate can re-infect computers that were not part of the ESET ‘sinkholing’ project.