Slovakian cybersecurity firm ESET has reported some success in disrupting the workings of a previously undetected Monero (XMR)-mining botnet in Latin America.

In an proclamation on April 23, ESET said the malware had infected over 35,000 computers since May 2019, with 90% of compromised devices located in Republic of peru.

Researchers have had some success in tackling the threat

ESET researchers have dubbed the botnet VictoryGate, noting that its primary activity has been illicit Monero mining — also known equally cryptojacking.

This is the industry term for stealth crypto-mining attacks that work by installing malware that uses a computer'south processing power to mine for cryptocurrencies without the owner's consent or noesis.

The firm'southward announcement notes that the malware results in extremely high resource usage on infected computers, resulting in a sustained 90–99% CPU load that tin lead to overheating and potentially damage the device.

The botnet's propagation vector has been external USB drives, which appear to have files with names and icons that are identical to those contained originally.

"Withal, the original files take been copied to a subconscious directory in the root of the drive and Windows executables have been provided as apparent namesakes," ESET writes.

Having detected the botnet, ESET has had some success in disrupting its operations by taking down its command and control (C&C) server and setting upwardly a "sinkhole." This works to divert requests to an alternative domain name and has enabled ESET to monitor and control the infected hosts.

ESET says information technology is working with the non-profit Shadowserver Foundation to share sinkhole logs and jointly try to mitigate the threat posed by VictoryGate. The researchers emphasized:

"Despite our efforts, infected USB drives volition continue to circulate and new infections will still occur. The main difference is that the bots volition no longer receive commands from the C&C [...] Withal, those PCs that were infected prior to the disruption may continue to perform cryptomining on behalf of the botmaster."

Users tin can meanwhile use the house's costless online scanner if they believe their device has been infected by the botnet.

Cybercriminals and privacy money Monero

Every bit recently reported, the attackers behind the then-dubbed "Sodinokibi" ransomware take recently switched from Bitcoin (BTC) to Monero to better protect their identities from law enforcement.

Before this calendar month, major United Kingdom-based firm Travelex was forced to fork out almost $2.3 million in Bitcoin later being infected by Sodinokibi on new year's day's eve 2020.