This Crypto Mining Botnet Propagates Using Taylor Swift Photos
MyKingz infects 4700 new computers each day and generates $300 per day in Monero.
According to a report by UK cybersecurity firm Sophos, the operators of the MyKingz crypto mining botnet (also known as Hexmen or DarkCloud) are using a technique called steganography to hide malicious files in infected computers.
Sophos warned of the pervasive nature of the MyKingz botnet, which has been operating for the last couple of years, saying there’s a “pretty good chance everyone who reads this story will have had some degree of interaction with a botnet we call My Kings.” The cybersecurity firm adds that for the past few years the botnet has been a “persistent source of nuisance-grade opportunistic attacks against the underpatched, low-hanging fruit of the internet.”
According to Sophos, the MyKingz botnet has managed to propagate through the use of a Taylor Swift image to infect computers with the new malware:
“In this sample image, a Windows malware executable (identifiable by its characteristic MZ header bytes and text) appears within the image data in a modified .jpg photo of Taylor Swift. MyKings’ operators uploaded this innocuous-looking image file to a public repository, and then used it to deliver an update to the botnet.”
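A defender can check image files for the kind of embedding the Sophos quote describes. The following is an added example, not code from Sophos or from the article: it searches a file's bytes for an `MZ` header whose `e_lfanew` field points at a valid `PE\0\0` signature. The sample bytes are constructed for illustration, and the `0x40` to `0x1000` bound on `e_lfanew` is an assumed heuristic to cut false positives.

```python
import struct

JPEG_SOI = b"\xff\xd8"   # JPEG start-of-image marker
JPEG_EOI = b"\xff\xd9"   # JPEG end-of-image marker

def find_embedded_pe(data: bytes) -> list[int]:
    """Return offsets where a structurally plausible PE file starts."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        # The DOS header is 0x40 bytes; e_lfanew (little-endian u32 at
        # MZ+0x3C) holds the offset of the "PE\0\0" signature.
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe_off = pos + e_lfanew
            # Assumed heuristic: the PE header follows the DOS header closely.
            if 0x40 <= e_lfanew <= 0x1000 and data[pe_off:pe_off + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def scan_image(data: bytes) -> dict:
    """Flag files that look like JPEGs but carry an embedded PE header."""
    offsets = find_embedded_pe(data)
    is_jpeg = data.startswith(JPEG_SOI)
    return {"is_jpeg": is_jpeg, "pe_offsets": offsets,
            "suspicious": is_jpeg and bool(offsets)}

# --- Constructed sample data (not a real image or a real executable) ---
# JPEG SOI + APP0/JFIF segment, then filler containing a bare "MZ" decoy.
PREFIX = (JPEG_SOI + b"\xff\xe0\x00\x10JFIF\x00"
          + b"\x01\x01\x00\x00\x01\x00\x01\x00\x00"
          + b"scan-data MZ decoy ")
# Header-only stub: DOS header with e_lfanew = 0x80, then the PE signature.
STUB = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x80)
        + b"\x00" * 0x40 + b"PE\x00\x00")
SAMPLE = PREFIX + STUB + JPEG_EOI
CLEAN = PREFIX + JPEG_EOI

if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE), ("clean", CLEAN)):
        print(name, scan_image(blob))
```

The decoy `MZ` in the filler is skipped because it is not followed by a consistent PE signature; a bare two-byte match alone occurs by chance in compressed image data.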
MyKingz reportedly infects 4700 new computers each day, generating a daily income of $300 through the mining of Monero.