Researchers have released a report on a crypto-mining botnet that uses seemingly harmless content, such as JPEG images of Taylor Swift, as bait. According to a press release from SophosLabs, the botnet, called MyKings, has been active since 2016. The actors behind MyKings are said to have added bootkit functionality to the malware, making it more difficult to detect and remove.
People seem to like celebrities. Even cryptocurrency hackers appear to have a soft spot for famous people, as a recent case shows: attackers used images of the pop singer Taylor Swift to hide malicious code.
MyKings Has Already Raised 3 Million Dollars
The SophosLabs report provides a comprehensive overview of the botnet's operation and characterizes its operators as relentlessly redundant attackers. The botnet mainly attacks Windows-based systems running database management systems such as MySQL, network services such as Telnet, or server software for surveillance cameras. As the report notes, the botnet's creators appear to prefer open source or other public domain software and show a high level of expertise in adapting and improving its source code. As a result, they can integrate individual components for carrying out attacks and for running automated update processes.
The botnet performs a series of attacks on a server in order to install executable malware, most often a Trojan, which has proven to be the most common payload on infected servers. This Trojan is used to run various crypto miners on the target hardware. SophosLabs estimates that the botnet's operators have made approximately 3 million dollars so far.
Hidden Executable File That Automatically Updates The Botnet When It Is Downloaded
An imperceptibly altered image of the pop star Taylor Swift was uploaded to a public repository as a JPG photo, together with a hidden executable file that automatically updates the botnet when the image is downloaded. The investigation shows how sophisticated MyKings' persistence mechanism is: it sustains itself through aggressive repetition and self-updating procedures with multiple command combinations.
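The report does not spell out how the executable was hidden inside the image file. One common way an image can carry a Windows executable is as extra bytes appended after the JPEG's End-Of-Image (EOI) marker, so a defender's first check on a suspicious image is to measure what follows the JPEG's own structure. The example below is added here for illustration and is not code from SophosLabs or from the MyKings investigation; it assumes the appended-trailer form, builds a constructed minimal JPEG (not a real photo) with a constructed fake "MZ" trailer, and walks the JPEG segment structure rather than searching for the last FF D9 byte pair, since that pair can also occur inside an EXIF thumbnail or inside the appended payload itself. All function names and sample bytes are this example's own.

```python
import struct

SOI = b"\xff\xd8"
EOI = 0xD9
SOS = 0xDA


def find_jpeg_end(data: bytes) -> int:
    """Return the offset just past the EOI marker that terminates the JPEG's
    own segment structure. Walking the segments (instead of searching for the
    byte pair FF D9) matters because FF D9 can also appear inside an EXIF
    thumbnail or inside an appended payload."""
    if not data.startswith(SOI):
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte before a marker
            pos += 1
            continue
        if marker == EOI:
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # TEM / RSTn carry no length
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + seg_len
        if marker == SOS:
            # Entropy-coded scan data follows; skip until the next real marker.
            # FF 00 is a stuffed byte, FF D0..D7 are restart markers, FF FF is fill.
            while pos + 1 < len(data):
                if data[pos] == 0xFF:
                    nxt = data[pos + 1]
                    if nxt != 0x00 and nxt != 0xFF and not 0xD0 <= nxt <= 0xD7:
                        break
                pos += 1
    raise ValueError("truncated JPEG: no EOI marker found")


def inspect_trailer(data: bytes) -> dict:
    """Report how many bytes follow the JPEG's EOI and whether they start with
    the 'MZ' signature of a Windows executable. Any non-empty trailer on an
    image fetched from a public repository deserves a closer look; an MZ
    trailer is a strong signal."""
    end = find_jpeg_end(data)
    trailer = data[end:]
    return {
        "jpeg_bytes": end,
        "trailing_bytes": len(trailer),
        "trailer_is_pe": trailer[:2] == b"MZ",
    }


def naive_trailer_length(data: bytes) -> int:
    """What a simple 'bytes after the last FF D9' check reports. Included only
    to show why the structural walk above is preferable."""
    return len(data) - (data.rfind(b"\xff\xd9") + 2)


def build_sample(trailer: bytes = b"") -> bytes:
    """Constructed minimal JPEG (not a real photo): SOI, a JFIF APP0 segment,
    a tiny SOS segment whose scan data contains a stuffed byte and a restart
    marker, then EOI. `trailer` is appended verbatim."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\xff\x00\x34\xff\xd0\x56"
    return SOI + app0 + sos + scan + b"\xff\xd9" + trailer


# Constructed fake "executable" trailer: an MZ header stub that happens to
# contain the bytes FF D9, which fools a last-FF-D9 search.
FAKE_PE_TRAILER = b"MZ\x90\x00\x03\x00\x00\x00\xff\xd9\x00\x00"

if __name__ == "__main__":
    clean = build_sample()
    tampered = build_sample(FAKE_PE_TRAILER)
    print("clean   :", inspect_trailer(clean))
    print("tampered:", inspect_trailer(tampered))
    print("naive check on tampered file reports",
          naive_trailer_length(tampered), "trailing bytes")
```

On the constructed tampered file the structural walk reports 12 trailing bytes beginning with `MZ`, while the naive last-FF-D9 check reports only 2, because the payload itself contains that byte pair. In practice a non-zero trailer is a triage signal, not proof of malice (some cameras and editors append harmless metadata), so the next step is to hand the trailer to a file-type identifier or sandbox rather than to the image viewer.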