Computer hackers are spreading infected images of Taylor Swift through a major botnet to sneakily mine the cryptocurrency Monero. Inside the image, the hackers hide an executable file, which infects the victim's computer. According to tech website ZDnet, the source of this new threat is the cryptocurrency mining botnet MyKings, a.k.a. Smominru, Darkcloud or Hexmen.
This is one of the hacker group's first experiments in the art of steganography, a technique that allows them to hide malicious files inside other files, for example in audio files or, in this case, in an image of Taylor Swift.
As soon as the image has been opened, an executable will run. This is the beginning of a series of events that will ultimately make a computer into another slave in the botnet.
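A defender can check an image for this kind of payload by scanning it for a Windows executable header. The sketch below is an added example, not code from the article or from any report it cites; it assumes the executable is embedded as raw, unencrypted bytes (the article does not say how it is hidden), and the function names and sample bytes are constructed for illustration.

```python
import struct

JPEG_SOI = b"\xff\xd8"  # start-of-image marker that opens every JPEG file

def find_embedded_pe(data: bytes) -> list[int]:
    """Return offsets in `data` where a structurally valid PE header starts."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        # The DOS header is 64 bytes; e_lfanew (offset 0x3C) points to "PE\0\0".
        # Checking that pointer filters out random "MZ" pairs in pixel data.
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe_off = pos + e_lfanew
            if 0x40 <= e_lfanew < 0x1000 and data[pe_off:pe_off + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def inspect_image(data: bytes) -> dict:
    """Summarise whether an image file carries an executable header."""
    hits = find_embedded_pe(data)
    return {
        "looks_like_jpeg": data.startswith(JPEG_SOI),
        "pe_offsets": hits,
        "suspicious": bool(hits),
    }

def _constructed_pe_stub() -> bytes:
    # Constructed, non-functional stub: only the header fields the check reads.
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    return bytes(dos) + b"\x00" * 0x40 + b"PE\x00\x00" + b"\x00" * 20

# Constructed samples: a JPEG-like byte string, clean and with the stub appended.
# CLEAN deliberately contains a stray "MZ" that must not trigger a hit.
CLEAN = JPEG_SOI + b"\xff\xe0\x00\x10JFIF\x00" + b"MZ-not-a-header" + b"\x11" * 200 + b"\xff\xd9"
TAINTED = CLEAN + _constructed_pe_stub()

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("tainted", TAINTED)):
        print(name, inspect_image(blob))
```

A hit means the file deserves a closer look; a payload that is encrypted or encoded inside the image will not match this check.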
One of the biggest crypto mining botnets
MyKings started two years ago, and focuses mainly on Windows systems. According to ZDnet, MyKings is ‘one of the most diversified internet scanning and infection mechanisms seen in malware botnets’. They target every aspect of Windows machines, from MySQL to Telnet, SSH and even Remote Desktop. The botnet team also focuses on corporate networks, using the infamous EternalBlue exploit. Their main objective is to infect computers and use their computing power for mining. Researchers also call this cryptojacking.
In late August the botnet had reportedly infected over half a million computers worldwide to mine the cryptocurrency Monero. Most victims of the MyKings botnet are from China, Taiwan, Russia, Brazil, the United States, India and Japan. It’s estimated that the group made $3 million from their mining activities. A report from Carbon Black suggests that the group infects 4700 new systems per day, while security firm Sophos thinks they make at least $300 per day at the current exchange rates.
Cryptojacking becoming less popular
Despite the lasting threat of crypto mining malware and botnets, the threat is slowly diminishing. Security firm Kaspersky published a report in which they noted that infections by cryptocurrency mining malware have dropped 59% year-over-year. Instead, cyber criminals are using ransomware and targeting governments, public services and other institutions that don’t pride themselves on the best internet security.
However, cryptojacking is still a very young phenomenon. It had its big success in 2018, when the amount of crypto-mining malware increased by 4467 percent. However, the spreading of malware is becoming more sophisticated, for example by hiding in an image of Taylor Swift.
How to prevent cryptojacking
Is your computer becoming slow, or is your processor working overtime? Sounds like your computer might be mining Monero for somebody. Perhaps it’s a good idea to install some quality internet security software. To prevent cryptojacking, live by these golden rules:
- Never click on shady links and websites.
- Never open e-mails or their attachments from unknown sources.
- Install ad blocking browser extensions, or just use Brave.
- Keep your software, browser extensions, and mobile apps up-to-date.
- And if you run a business, keep your APIs closed, and educate your employees!
Also published on Medium.