The botnet, known as VictoryGate and active since at least May 2019, affects devices in Latin America, especially Peru, which accounts for more than 90% of the compromised devices. After the C&C servers were taken down, ESET security researchers were able to estimate the size of the botnet at over 35,000 computers. VictoryGate focuses mainly on Monero mining, but the malware allows the botmaster to issue commands to the nodes to download and execute additional payloads, so ESET believes that the purpose of the botnet may have changed at some point. The botnet abuses the resources of infected machines for crypto mining, with a sustained 90-99% CPU load, slowing the system down and potentially damaging it.
The botnet uses only infected removable devices for propagation. The malware copies all files on the USB drive to a hidden directory in the root and uses Windows executables compiled on the fly as apparent namesakes. The USB drive looks normal to the victim, with all files and directories in order. The script launches both the intended file and the initial module of the malware, which copies itself to %AppData% and places a shortcut in the startup folder so that it runs at reboot.
The malware injects an AutoIt-compiled script into legitimate Windows processes to ensure communication with the command and control (C&C) server and to download and execute secondary payloads. The script also checks for connected USB drives to infect. The bot can download and execute files, notify the C&C of successful tasks, send system information (username, hostname, installed antimalware products, AutoIt version, and more), and tell the C&C if the execution path is not the expected one. The downloaded payloads observed were AutoIt-compiled scripts that try to inject the XMRig mining program into ucsvc.exe.
Next, mining on the infected device begins. The botnet uses an XMRig proxy to hide the mining pool and stops mining when the user opens Task Manager to check processor usage. Mining is restarted once Task Manager is closed. ESET reports that an average of 2,000 bots were mining throughout the day and that a total of 80 Monero (roughly $6,000) has been generated by the botnet operation.