A new campaign by a cryptocurrency-mining botnet has recently been observed, and what makes it interesting is the way it delivers its malware to victims: the operators have been hiding malware payloads inside a picture of pop singer Taylor Swift in order to infect computers.
The botnet is called MyKingz, and is also known as Smominru, DarkCloud or Hexmen.
The story of the MyKingz botnet
The MyKingz botnet first appeared at the end of 2017 and has since been rated one of the most successful cryptomining botnets in operation.
From the start, the team behind MyKingz infected Windows systems and deployed various cryptomining applications on them.
The botnet has one of the most versatile scanning and infection mechanisms on the Internet. MyKingz can target everything from MySQL to MS-SQL, from Telnet to SSH, and from RDP to IPC and WMI, probing each exposed service for weak or default credentials and known vulnerabilities.
For these reasons, MyKingz has been able to grow very quickly and become one of the most effective botnets. In the first months of its life it managed to infect more than 525,000 Windows systems and mine Monero worth $2.3 million.
The botnet's activity dropped off at some point, so some assumed it had disappeared. However, in the summer Guardicore and Carbon Black published reports showing that MyKingz is still "alive" and still infects a large number of computers (around 4,700 per day).
Taylor Swift
According to a report by Sophos, the latest campaign using the MyKingz botnet was detected this month and targets the United Kingdom.
MyKingz finds vulnerable computers with its scanning tools and gains access to them, but it still needs a way to deliver its malware payloads onto the newly infected systems.
Sophos researchers note that the operators behind MyKingz use a steganography technique, which lets them hide malicious files inside what appear to be legitimate files.
In this case, the hackers hide a malicious EXE inside a JPEG image of Taylor Swift.
The aim is to slip past the security software that companies use to protect their networks: such tools see only a single Taylor Swift image (a JPEG) being downloaded and do not recognise that it carries a dangerous EXE file.
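The article says only that the EXE is hidden "inside" the JPEG; one common way this is done is to append the executable after the image's end-of-image marker, so the file still opens as a picture while the bot extracts the trailing bytes. The following detector is an added example (it is not code from the Sophos report or from the MyKingz operators) that walks the JPEG marker structure, reports any data after the EOI marker, and searches the whole file for a plausible Windows PE header (`MZ` stub plus a valid `e_lfanew` pointer to `PE\0\0`). The sample image and PE stub are constructed inline for the demonstration and are not taken from the campaign.

```python
import struct

JPEG_SOI = b"\xff\xd8"
JPEG_EOI = b"\xff\xd9"


def find_jpeg_end(data: bytes) -> int:
    """Walk the JPEG marker segments and return the offset just past the
    EOI marker (FFD9). Returns -1 if the data is not a well-formed JPEG."""
    if not data.startswith(JPEG_SOI):
        return -1
    pos, n = 2, len(data)
    while pos + 1 < n:
        if data[pos] != 0xFF:
            return -1
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte, skip it
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:          # EOI: a clean image ends exactly here
            return pos
        if marker == 0xD8 or 0xD0 <= marker <= 0xD7 or marker == 0x01:
            continue                # standalone markers carry no length field
        if pos + 2 > n:
            return -1
        (seg_len,) = struct.unpack(">H", data[pos:pos + 2])
        pos += seg_len
        if marker == 0xDA:          # SOS: entropy-coded data follows until the
            while pos + 1 < n:      # next marker that is not a stuffed 00 or RSTn
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
                    break
                pos += 1
    return -1


def looks_like_pe(blob: bytes) -> bool:
    """True if blob starts with a DOS 'MZ' stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    return blob[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def embedded_pe_offsets(data: bytes) -> list:
    """Offsets of every plausible PE header anywhere in the file (covers both an
    appended payload and one stuffed inside an APPn/COM segment)."""
    hits, start = [], 0
    while True:
        i = data.find(b"MZ", start)
        if i < 0:
            return hits
        if looks_like_pe(data[i:]):
            hits.append(i)
        start = i + 1


def scan(data: bytes) -> dict:
    """Summary a scanner would log for one downloaded 'image'."""
    end = find_jpeg_end(data)
    trailer = data[end:] if end >= 0 else b""
    return {
        "jpeg_ok": end >= 0,
        "trailer_bytes": len(trailer),
        "pe_appended": looks_like_pe(trailer),
        "pe_offsets": embedded_pe_offsets(data),
    }


def build_minimal_jpeg() -> bytes:
    """Constructed sample: SOI, a JFIF APP0 segment, a tiny SOS scan, EOI."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan_data = b"\x12\x34\xff\x00\x56"   # includes one stuffed FF00 byte pair
    return JPEG_SOI + app0 + sos + scan_data + JPEG_EOI


def build_fake_pe_stub() -> bytes:
    """Constructed sample: a 64-byte DOS header with e_lfanew -> 'PE\\0\\0' + Machine field."""
    dos = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + b"\x4c\x01"


if __name__ == "__main__":
    clean = build_minimal_jpeg()
    stego = clean + build_fake_pe_stub()
    print("clean :", scan(clean))
    print("stego :", scan(stego))
```

A gateway that only checks the magic bytes or the `Content-Type` will pass both files, because both begin with `FFD8` and decode as a valid picture; the trailer check is what separates them. The search for `MZ` plus a valid `PE\0\0` pointer also catches a payload parked inside an APPn or COM segment, but neither check finds a payload that is encrypted, or encoded into the pixel data itself, so treat a clean result as "no appended or embedded PE found", not as proof the image is benign.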
This is not the first time a hacking group has used a celebrity's image to distribute malware. Last year, attackers used an image of actress Scarlett Johansson to deploy malware on compromised PostgreSQL databases.
In recent months, attackers have not limited themselves to images: other file types, such as WAV audio files, have been used to carry payloads in the same way.
MyKingz has been one of the biggest threats to Windows computers over the last two years, and unpatched systems remain at risk.
Sophos researchers estimate that the team behind the MyKingz botnet earns about $300 a day. In total, since it first appeared it has earned its operators over $3 million.