The botnet, known as VictoryGate, has been active since at least May 2019 and has affected devices in Latin America, especially Peru, which accounts for more than 90% of the compromised devices. After the C&C servers were taken down, ESET security researchers were able to estimate the size of the botnet at over 35,000 computers.

VictoryGate focuses primarily on Monero mining, but the malware allows the botmaster to issue commands to the nodes to download and execute additional payloads. ESET therefore believes that the purpose of the botnet may have changed at some point. The botnet abuses the resources of infected machines for cryptomining, with a sustained 90-99% CPU load, slowing the system down and potentially damaging it.

The botnet uses only infected removable devices for propagation. The malware copies all files on the USB drive to a hidden directory in the root of the drive and uses Windows executables compiled on the fly as apparent namesakes. The USB drive looks normal to the victim, with all files and directories in order. The script launches both the intended file and the malware's initial module, which copies itself to a location under AppData and places a shortcut in the startup folder so that it runs at boot.

The malware injects an AutoIt-compiled script into legitimate Windows processes to handle communication with the command and control (C&C) server and to download and run secondary payloads. The script also checks for attached USB drives to infect. The bot can download and execute files, notify the C&C of successful tasks, send system information (username, hostname, installed antimalware products, AutoIt version, and more), and tell the C&C if the execution path is not the expected one. The downloaded payloads observed were AutoIt-compiled scripts that attempt to inject the XMRig mining program into ucsvc.exe.

Next, mining begins on the infected device. The botnet uses an XMRig proxy to mask the mining pool, and it stops mining when the user opens Task Manager in order to conceal the CPU usage. Mining resumes once Task Manager is closed. ESET reports that an average of 2,000 bots were mining throughout the day and that a total of 80 Monero (around $6,000) was generated by the botnet operation.
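
The Task Manager pause described above is itself a detectable pattern in process telemetry. The following Python heuristic is an added example, not ESET's tooling or code from the original report; the sample telemetry, the process names other than ucsvc.exe, and the idle threshold are constructed assumptions.

```python
from collections import defaultdict
from itertools import groupby
from statistics import median

HIGH_CPU = 90.0  # report: sustained 90-99% CPU load while mining
IDLE_CPU = 10.0  # assumption: ceiling for "mining paused"


def find_taskmgr_evasive(samples, min_run=3):
    """Flag processes that run hot, go idle while Task Manager is open,
    and run hot again once it is closed.

    samples: iterable of (timestamp, process_name, cpu_percent, taskmgr_open).
    Returns a sorted list of flagged process names.
    """
    by_proc = defaultdict(list)
    for _ts, name, cpu, tm_open in sorted(samples):
        by_proc[name].append((tm_open, cpu))

    flagged = []
    for name, rows in by_proc.items():
        # Collapse the timeline into runs sharing one Task Manager state.
        runs = [(state, [cpu for _, cpu in grp])
                for state, grp in groupby(rows, key=lambda r: r[0])]
        for before, during, after in zip(runs, runs[1:], runs[2:]):
            closed_open_closed = not before[0] and during[0] and not after[0]
            if (closed_open_closed
                    and len(before[1]) >= min_run
                    and min(before[1]) >= HIGH_CPU    # hot before
                    and max(during[1]) <= IDLE_CPU    # silent while watched
                    and median(after[1]) >= HIGH_CPU):  # hot again after
                flagged.append(name)
                break
    return sorted(flagged)


def constructed_samples():
    """Constructed telemetry: 11 ticks, Task Manager open during ticks 4-6."""
    tm_open = [False] * 4 + [True] * 3 + [False] * 4
    cpu = {
        "ucsvc.exe":   [95, 97, 96, 94, 1, 0, 0, 40, 93, 96, 95],
        "encoder.exe": [92, 95, 98, 96, 94, 97, 95, 93, 96, 98, 94],
        "browser.exe": [5, 12, 3, 8, 4, 6, 2, 9, 7, 5, 11],
    }
    return [(ts, name, float(v), tm_open[ts])
            for name, vals in cpu.items() for ts, v in enumerate(vals)]


if __name__ == "__main__":
    print(find_taskmgr_evasive(constructed_samples()))
```

A legitimately busy process (the constructed encoder.exe) stays hot while Task Manager is open and is not flagged; only the process whose load tracks the monitoring tool is reported.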