In a twist unique to the crypto-mining scene, operators of a notorious crypto-mining botnet are currently using an image of a famous pop singer, Taylor Swift, as a payload carrier. The image hides a malware payload that infects computers with crypto-mining malware, following the botnet's standard infection chain.
Many Names, One Large Threat
The botnet in question goes by several names, depending mostly on which cybersecurity firm is reporting on it. MyKingz, DarkCloud, Smominru, and Hexmen all refer to the same group, each name coined by a different firm. For the sake of this article, the name MyKingz will be used.
The MyKingz botnet was first spotted in late 2017. Since its discovery, it has held the infamous title of the largest malware operation in the market. The MyKingz operators focus mainly on Windows systems, on which they deploy an array of crypto-mining apps to generate profit from the compromised device's resources.
A Hailstorm of Attacks
MyKingz is known for the sheer diversity of its infection vectors and internet scamming. If there is a port, vulnerability, or exploit, MyKingz has a finger in that pie. The operators of MyKingz make use of everything from Telnet to SSH, MySQL to MS-SQL, RDP, and even rarer channels such as WMI or IPC.
Sophos, a UK-based cybersecurity firm, spotted the latest addition to the botnet's ever-expanding modus operandi this month. In the grand scheme of things, this is neither new, significant, nor groundbreaking. The problem isn't Taylor Swift's image being used, mildly amusing as that is; it's that this is just one drop in a lake of other avenues MyKingz uses for exploitation.
A New Plan
Sophos states that this is a new foray by the MyKingz operators into steganography, that is, hiding a malicious program inside an otherwise legitimate-looking file. In this case, all MyKingz is doing is hiding a malicious EXE file inside a JPEG image.
By doing so, the operators hope to trick security software on enterprise networks into treating the download as a harmless image. The security tooling sees only a JPG file being downloaded to the host system, rather than the far more dangerous EXE carried inside it.
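The detection angle for the trick described above is that a JPEG has a well-defined end (the EOI marker, bytes FF D9), so anything sitting after it is extra baggage that an image viewer ignores but a scanner can inspect. The following Python script is an added example written for this article; it is not Sophos's tooling or code from the MyKingz operators. It walks the JPEG marker segments, finds where the image really ends, and reports whether trailing data looks like a Windows executable (an "MZ" DOS header pointing at a valid "PE\0\0" signature). It assumes the executable is simply appended after the image data, which is the most common way of stuffing an EXE into a JPEG; the page does not say exactly how MyKingz packs its payload, so treat that as an assumption. The sample JPEG skeleton and the fake PE stub are constructed inline so the script runs offline.

```python
import struct
from typing import Optional

JPEG_SOI = b"\xff\xd8"
JPEG_EOI = b"\xff\xd9"


def find_jpeg_end(data: bytes) -> Optional[int]:
    """Walk JPEG marker segments and return the offset just past the EOI
    marker, or None if the bytes are not a structurally valid JPEG."""
    if not data.startswith(JPEG_SOI):
        return None
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return None  # expected a marker prefix, found raw data
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte, skip it
            pos += 1
            continue
        if marker == 0xD9:          # EOI reached with no scan data
            return pos + 2
        if marker == 0xDA:
            # SOS: entropy-coded data follows until EOI. Inside scan data
            # every 0xFF is stuffed as FF 00 or is a RST marker, so FF D9
            # cannot appear legitimately before the real end of image.
            idx = data.find(JPEG_EOI, pos)
            return idx + 2 if idx != -1 else None
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                # standalone markers carry no length
            continue
        if pos + 4 > len(data):
            return None
        seglen = struct.unpack_from(">H", data, pos + 2)[0]
        pos += 2 + seglen           # length field includes its own 2 bytes
    return None


def looks_like_pe(blob: bytes) -> bool:
    """True if blob starts with a DOS header whose e_lfanew points at PE\\0\\0."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def inspect_jpeg(data: bytes) -> dict:
    """Summarise whether a JPEG carries an appended Windows executable."""
    end = find_jpeg_end(data)
    if end is None:
        return {"valid_jpeg": False, "trailing_bytes": 0, "embedded_pe": False}
    trailer = data[end:]
    return {
        "valid_jpeg": True,
        "trailing_bytes": len(trailer),
        "embedded_pe": looks_like_pe(trailer),
    }


def build_sample_jpeg() -> bytes:
    """Constructed minimal JPEG skeleton: SOI, APP0, SOS, fake scan bytes, EOI."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\x56"
    return JPEG_SOI + app0 + sos + scan + JPEG_EOI


def build_fake_pe_stub() -> bytes:
    """Constructed, non-functional PE header: MZ, e_lfanew=0x40, then PE\\0\\0."""
    return b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"


if __name__ == "__main__":
    clean = build_sample_jpeg()
    stego = clean + build_fake_pe_stub()
    print("clean :", inspect_jpeg(clean))
    print("stego :", inspect_jpeg(stego))
```

A scanner that only looks at the extension or the leading FF D8 bytes passes both files; one that checks for trailing data after EOI flags the second. Trailing bytes alone are not proof of malice (some cameras and editors leave junk there), so the PE check is what separates a noisy file from a carrier.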
As stated before, the issue isn't the picture in question; it's MyKingz's standing as one of the biggest threats to Windows computers and enterprise networks. The botnet has held that title for two years, showing no mercy to any system vulnerability.