The VictoryGate botnet has been active since at least May 2019 and is most active in Latin America. More than 90% of the infected devices are located in Peru. Experts from ESET managed to sinkhole several C2 servers and dismantled the previously undocumented botnet, which was composed of over 35,000 devices.
The VictoryGate bot propagates via infected USB devices. It was designed to mine Monero by abusing the resources of compromised devices, and it is also able to deliver additional payloads. The bot has infected devices belonging to organizations in both the public and private sectors, including financial institutions.