MyKingz Botnet Now Uses Taylor Swift Images To Hide Malware


In a move unique to the crypto industry, the operators of a notorious crypto-mining botnet are now using an image of a famous pop singer, Taylor Swift, as a payload carrier. The image hides a malware payload that infects computers with crypto-mining malware, following the botnet's standard infection chain.

Many Names, One Large Threat

The botnet in question goes by several names, depending mostly on which cybersecurity firm is reporting on it. MyKingz, DarkCloud, Smominru, and Hexmen all refer to the same group, named differently by different firms. For the sake of this article, the name MyKingz will be used.

The MyKingz botnet was first spotted in late 2017. Ever since its discovery, the botnet has held the infamous title of the largest malware operation on the market. The MyKingz operators focus mainly on Windows systems, on which they deploy an array of crypto-mining applications to generate profit from the compromised device's resources.

A Hailstorm of Attacks

MyKingz is known for the sheer diversity of its infection vectors and internet scams. If there is a port, vulnerability or exploit out there, MyKingz has a finger in that pie. The operators of MyKingz make use of everything from Telnet and SSH, to MySQL and MS-SQL, to RDP, and even less common services like WMI or IPC.

Sophos, a UK-based cybersecurity firm, spotted the latest addition to the botnet's ever-expanding modus operandi this month. In the grand scheme of things, this is neither new, significant, nor groundbreaking. The problem isn't that Taylor Swift's image is being used, as mildly amusing as that is; it's that this is one drop in a lake of other avenues MyKingz uses for exploitation.

A New Plan

Sophos states that this is the MyKingz operators' latest foray into steganography, that is, hiding a malicious program within an otherwise legitimate file. In this case, all MyKingz is doing is hiding a malicious EXE file within a JPEG image.

By doing so, the operators hope to trick security software on enterprise networks into treating the image as harmless. The security tools will only see a JPG file being downloaded to the host system, rather than the far more dangerous EXE file.
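As an added illustration of the detection side (this is not code from the article or from Sophos), the following Python check flags a downloaded "JPEG" that carries trailing bytes past the end-of-image marker or a PE executable header anywhere in the file. It assumes the executable is embedded as raw bytes after the image data, which is one common way to do this; the article does not describe MyKingz's exact technique, and both the sample image and the PE stub below are constructed for the demo.

```python
import struct

SOI = b"\xff\xd8"        # JPEG start-of-image marker
EOI = b"\xff\xd9"        # JPEG end-of-image marker
MZ = b"MZ"               # DOS header magic of a Windows PE executable
PE_SIG = b"PE\x00\x00"   # NT header signature


def looks_like_pe(data: bytes, offset: int) -> bool:
    """Return True if a plausible PE header starts at `offset` in data."""
    if data[offset:offset + 2] != MZ or len(data) < offset + 0x40:
        return False
    # e_lfanew (DOS header field at 0x3C) holds the offset of the PE
    # signature, relative to the start of the DOS header.
    e_lfanew = struct.unpack_from("<I", data, offset + 0x3C)[0]
    pe_off = offset + e_lfanew
    return data[pe_off:pe_off + 4] == PE_SIG


def scan_jpeg_for_pe(data: bytes) -> dict:
    """Report whether a JPEG carries trailing data and/or an embedded PE."""
    result = {"is_jpeg": data.startswith(SOI), "trailing_bytes": 0, "pe_offset": None}
    if not result["is_jpeg"]:
        return result
    eoi = data.rfind(EOI)
    if eoi != -1:
        # Anything after the last EOI is not image data and deserves a look.
        result["trailing_bytes"] = len(data) - (eoi + 2)
    # Search for "MZ" anywhere; validate each hit via the PE signature to
    # avoid false positives on the two bytes occurring in pixel data.
    pos = data.find(MZ)
    while pos != -1:
        if looks_like_pe(data, pos):
            result["pe_offset"] = pos
            break
        pos = data.find(MZ, pos + 1)
    return result


def make_fake_pe() -> bytes:
    """Constructed, minimal PE-shaped blob (not a real executable)."""
    hdr = bytearray(0x40)
    hdr[0:2] = MZ
    struct.pack_into("<I", hdr, 0x3C, 0x40)   # e_lfanew -> PE signature at 0x40
    return bytes(hdr) + PE_SIG + b"\x00" * 16


# Constructed sample: a tiny JFIF-like header, then the same with a PE appended.
CLEAN_JPEG = SOI + b"\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 20 + EOI
STEGO_JPEG = CLEAN_JPEG + make_fake_pe()

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_JPEG), ("stego", STEGO_JPEG)):
        print(name, scan_jpeg_for_pe(blob))
```

A non-zero `trailing_bytes` on its own is worth alerting on, since a well-formed JPEG ends at its EOI marker.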

As stated before, the issue isn’t this picture in question; it’s MyKingz’s sheer ability to be one of the biggest threats to Windows computers and enterprise networks. The botnet has been holding that title for two years, showing no mercy to any system vulnerability.


A journalist with experience in web journalism and marketing, Ali holds a master's degree in finance and enjoys writing about cryptocurrencies and fintech. Ali's work has been published in a number of cryptocurrency publications.