Cryptocurrency-mining botnet operators are reportedly using an image of Taylor Swift, one of the world's biggest pop stars, in their standard infection chain to conceal the malware payloads they deliver to victims' computers, whose resources are then used to mine the privacy coin Monero (XMR), according to a SophosLabs report published on Dec. 18.
MyKingz, also known as DarkCloud or Smominru, was first spotted in 2016 and has since been the leading crypto-mining malware operation. The group behind it focuses primarily on infecting Windows systems, installing various crypto-mining applications that turn an infected computer's resources into profit.
According to the report, the botnet's creators seem to prefer open-source or other publicly available tools, and are highly skilled at customizing and upgrading that source code with their own components for carrying out attacks and automating updates.
In this case, the MyKingz crew conceals a malicious EXE within a JPEG image of pop singer Taylor Swift. Experts call this steganography: hiding malicious files inside authentic-looking ones. The aim is to fool the security software running on corporate networks, which will only see a host device retrieving a banal JPEG file rather than a risky EXE file.
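One defender-side check for the trick described above, added here as an example and not taken from the Sophos report: walk the JPEG's marker structure to find the real end-of-image marker, then inspect whatever trails it for a Windows PE (MZ/PE) header, which a plain photo never carries. The sample bytes are constructed, contain no executable code, and the function and field names are my own.

```python
import struct

def jpeg_image_end(data: bytes) -> int:
    """Walk the JPEG marker segments; return the offset just past EOI, or -1 if malformed."""
    if not data.startswith(b"\xff\xd8"):                 # SOI
        return -1
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return -1
        marker = data[pos + 1]
        if marker == 0xD9:                               # EOI: the picture ends here
            return pos + 2
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:
            pos += 2                                     # standalone markers carry no length field
            continue
        if pos + 4 > len(data):
            return -1
        pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if marker == 0xDA:                               # SOS: skip entropy-coded scan data
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break                                # a real marker; 0xFF00 and RSTn are data
                pos += 1
    return -1

def find_trailing_pe(data: bytes):
    """Describe a Windows PE image appended after the JPEG's EOI marker, or return None."""
    end = jpeg_image_end(data)
    if end < 0 or end >= len(data):
        return None
    trailer = data[end:]
    mz = trailer.find(b"MZ")
    if mz < 0 or len(trailer) < mz + 0x40:
        return None
    # In a DOS/PE header the 4 bytes at 0x3C (e_lfanew) point to the "PE\0\0" signature.
    e_lfanew = struct.unpack("<I", trailer[mz + 0x3C:mz + 0x40])[0]
    has_pe_sig = trailer[mz + e_lfanew:mz + e_lfanew + 4] == b"PE\x00\x00"
    return {"image_bytes": end, "trailer_bytes": len(trailer), "mz_offset": end + mz, "pe_signature": has_pe_sig}

def build_sample() -> bytes:
    """Constructed sample: a minimal JPEG skeleton (not a real picture) plus a fake DOS/PE header, no code."""
    jpeg = (b"\xff\xd8"                                                                     # SOI
            + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"   # APP0
            + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"              # SOS
            + b"\x12\xff\x00\x34"                                                           # scan data
            + b"\xff\xd9")                                                                  # EOI
    stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 16
    return jpeg + stub
```

A hit on `pe_signature` is a strong signal worth alerting on, while a non-empty trailer without one still deserves a look, since benign editors rarely append data after EOI.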
Sophos reports that MyKingz operators are currently making an average of about $300/day, bringing their historical total to around 9,000 XMR, worth over $3 million at today's prices.
China, Taiwan, Russia, Brazil, the United States, India, and Japan are among the countries with the highest number of infected hosts, according to the report.