Vivin Botnet

Vivin Botnet Description

Malware researchers have tracked the activity of the Vivin Botnet since 2017, when it first appeared. Its activity peaked around the end of 2018. Since then, the operators have neglected the campaign, and the number of hijacked systems has been decreasing. The goal of the creators of the Vivin Botnet is to compromise unsuspecting users' systems and plant cryptocurrency miners on them. This allows the operators to mine cryptocurrency with the computing resources of the users whose systems have been hijacked.

Mines the Monero Cryptocurrency

The mining module that the creators of the Vivin Botnet inject into compromised systems is the publicly available XMRig cryptocurrency miner, which is designed to mine the Monero cryptocurrency. The operators have altered XMRig slightly to ensure that it runs in the background without raising any suspicion. To spread the payload, the attackers use pirated applications on popular torrenting websites as an infection vector. This is why cybersecurity experts advise users against downloading pirated content: not only is it illicit, but it can also harm your system and jeopardize your data's safety.

Gaining Persistence

Upon infecting a system, the Vivin Botnet immediately establishes a connection with its operators' C&C (Command & Control) server. It does this to register the newly compromised system and fetch the configuration it needs. The operators of the Vivin Botnet use a few different Monero wallet addresses to collect the mined cryptocurrency, and they appear to have mentioned several of these addresses on Reddit. The posts about the Monero addresses used in the campaign were made by an individual with the username 'vivin123,' which is what inspired the name of the botnet. The Vivin Botnet gains persistence on the compromised host by scheduling a Windows task that runs the mining module every 30 minutes to ensure it is always operational.
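
The 30-minute scheduled task described above leaves a trace in Task Scheduler that defenders can hunt for. The following Python is an added example, not code from the original page or from any vendor tool: it parses a task's XML export and flags tasks that repeat every 30 minutes or less and launch a binary from a user-writable directory. The directory list, file paths and sample tasks are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumption: user-writable locations where a dropped miner is likely to sit.
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
MAX_INTERVAL_MIN = 30  # the page reports a 30-minute re-launch cycle

def interval_minutes(iso):
    """Convert an ISO 8601 duration such as PT30M or P1D into minutes."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", iso.strip())
    if not m or not any(m.groups()):
        return None
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return d * 1440 + h * 60 + mi + s / 60

def suspicious_actions(task_xml):
    """Return (command, minutes) pairs for short-interval tasks run from user-writable paths."""
    root = ET.fromstring(task_xml)
    found = (interval_minutes(e.text or "") for e in root.iterfind(".//t:Repetition/t:Interval", NS))
    intervals = [i for i in found if i is not None]
    if not intervals or min(intervals) > MAX_INTERVAL_MIN:
        return []
    hits = []
    for exe in root.iterfind(".//t:Actions/t:Exec/t:Command", NS):
        cmd = (exe.text or "").strip().strip('"')
        if any(d in cmd.lower() for d in SUSPECT_DIRS):
            hits.append((cmd, min(intervals)))
    return hits

# Constructed sample tasks (hypothetical paths, not indicators from the Vivin campaign).
_TEMPLATE = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger><Repetition><Interval>{interval}</Interval></Repetition></TimeTrigger></Triggers>
  <Actions><Exec><Command>{command}</Command></Exec></Actions>
</Task>"""
SAMPLE_FLAGGED = _TEMPLATE.format(interval="PT30M", command=r"C:\Users\alice\AppData\Roaming\svc\helper.exe")
SAMPLE_DAILY = _TEMPLATE.format(interval="P1D", command=r"C:\Users\alice\AppData\Roaming\svc\helper.exe")
SAMPLE_PROGFILES = _TEMPLATE.format(interval="PT30M", command=r"C:\Program Files\Vendor\updater.exe")

if __name__ == "__main__":
    for name, xml_text in [("flagged", SAMPLE_FLAGGED), ("daily", SAMPLE_DAILY), ("progfiles", SAMPLE_PROGFILES)]:
        print(name, suspicious_actions(xml_text))
```

Export one task at a time with `schtasks /query /tn <task name> /xml` and pass the result to `suspicious_actions`; a hit is a lead for triage, since legitimate updaters also run from these directories.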

Cryptocurrency miners remain a popular means to make cash illicitly, and cyber crooks are becoming more cunning by the day. This is why users should keep all their applications up to date and be very careful when downloading media or software online. Furthermore, make sure you download and install a genuine anti-malware tool that will keep your system safe and your data secure.
