'VictoryGate' Botnet Infected 35,000 Devices via USB Drives
Security News, April 2020
ESET managed to sinkhole several command and control servers of a botnet that propagates via infected USB devices, thus disrupting its activities.
Referred to as VictoryGate and active since at least May 2019, the botnet impacted devices in Latin America the most, especially Peru, where more than 90% of the compromised devices are located.
The botnet abuses the resources of an infected device for cryptomining, with a sustained 90-99% CPU load, thus slowing down the device and possibly even damaging it.
The botnet propagates only through infected removable devices.
"Despite our efforts, infected USB drives will continue to circulate and new infections will still occur. The main difference is that the bots will no longer receive commands from the C&C. This will prevent new victims from downloading secondary payloads from the internet. However, those PCs that were infected prior to the disruption may continue to perform cryptomining on behalf of the botmaster," ESET concludes.