ESET researchers discover and play a key role in the disruption of a 35,000-strong botnet spreading in Latin America via infected USB drives
By Alan Warburton
ESET researchers recently discovered a previously undocumented botnet that we have named VictoryGate. It has been active since at least May 2019 and, since then, three different variants of the initial module have been identified, in addition to approximately 10 secondary payloads that are downloaded from file hosting websites. The initial module is detected by ESET security products as MSIL/VictoryGate.
This botnet is composed mainly of devices in Latin America, specifically Peru, where over 90% of the compromised devices are located. We've been actively sinkholing several command and control (C&C) domains, allowing us to monitor this botnet's activity. The combination of the sinkhole data and our telemetry data allows us to estimate the botnet's size to be at least 35,000 devices.
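The paragraph above describes sizing a botnet from sinkhole traffic: every infected host that tries to reach a seized C&C domain ends up connecting to the sinkhole, so distinct source addresses give a floor on the population and a per-country breakdown. The script below is an added example of that analysis and is not ESET's code; it assumes a hypothetical log format of one line per inbound connection (`<ISO timestamp> <source IP> <requested host>`), a constructed IP-prefix-to-country table standing in for a GeoIP database, and constructed sample records using RFC 5737 documentation addresses and a placeholder hostname.

```python
"""Estimate botnet size and geography from sinkhole logs.

Added example, not ESET's tooling. The log format, the hostname and the
prefix-to-country table are assumptions for illustration only.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample sinkhole records (RFC 5737 test addresses,
# placeholder C&C hostname). Real logs would be far larger.
SAMPLE_LOG = """\
2020-04-01T10:00:01Z 192.0.2.10 c2-placeholder.example.net
2020-04-01T10:05:44Z 192.0.2.10 c2-placeholder.example.net
2020-04-01T11:12:09Z 198.51.100.7 c2-placeholder.example.net
2020-04-01T23:59:59Z 203.0.113.25 c2-placeholder.example.net
2020-04-02T00:00:03Z 203.0.113.25 c2-placeholder.example.net
2020-04-02T08:30:00Z 192.0.2.11 c2-placeholder.example.net
2020-04-02T09:00:00Z 198.51.100.7 c2-placeholder.example.net
"""

# Constructed /24-granularity lookup standing in for a GeoIP database.
COUNTRY_BY_PREFIX = {"192.0.2": "PE", "198.51.100": "PE", "203.0.113": "EC"}


def parse_line(line: str):
    """Split one record into (UTC timestamp, source IP, requested host)."""
    ts, ip, host = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, host


def bots_per_day(log: str) -> dict:
    """Map each UTC date to the set of distinct source IPs seen that day."""
    seen = defaultdict(set)
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, ip, _host = parse_line(line)
        seen[ts.date()].add(ip)
    return dict(seen)


def estimate_size(log: str) -> dict:
    """Two lower-bound estimates from distinct source IPs.

    window_unique: distinct IPs over the whole log. Inflated by DHCP churn
                   (one host, several addresses over time).
    peak_daily:    largest single-day distinct count. Immune to churn, but
                   still undercounts hosts sharing one NAT address.
    """
    per_day = bots_per_day(log)
    all_ips = set().union(*per_day.values()) if per_day else set()
    peak = max((len(ips) for ips in per_day.values()), default=0)
    return {"window_unique": len(all_ips), "peak_daily": peak}


def country_counts(log: str) -> dict:
    """Distinct bots per country, using the prefix table; '??' if unknown."""
    per_day = bots_per_day(log)
    all_ips = set().union(*per_day.values()) if per_day else set()
    counts = defaultdict(int)
    for ip in all_ips:
        prefix = ip.rsplit(".", 1)[0]
        counts[COUNTRY_BY_PREFIX.get(prefix, "??")] += 1
    return dict(counts)


def country_share(log: str) -> dict:
    """Fraction of distinct bots per country (sums to 1.0)."""
    counts = country_counts(log)
    total = sum(counts.values())
    return {c: n / total for c, n in counts.items()} if total else {}


if __name__ == "__main__":
    print("size estimates:", estimate_size(SAMPLE_LOG))
    print("by country:", country_counts(SAMPLE_LOG))
    for country, share in sorted(country_share(SAMPLE_LOG).items()):
        print(f"  {country}: {share:.0%}")
```

The two estimates bracket the real population from below: `peak_daily` is the safer floor to quote, while `window_unique` grows with the observation window as dynamic addresses are reassigned. Both undercount when many infected machines sit behind a single NAT address, which is why telemetry from endpoint products is combined with sinkhole data, as the article describes.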
To control its botnet, VictoryGate used only subdomains registered at the dynamic DNS provider No-IP. ESET reported the malicious subdomains to No-IP, who swiftly took them all down, effectively removing control of the bots from the attacker. Also, ESET is collaborating with the non-profit Shadowserver Foundation by sharing sinkhole logs in an effort to further remediate this threat.
Read the complete article at:
https://www.welivesecurity.com/2020/04/23/eset-discovery-monero-mining-botnet-disrupted/