UPDATED 21:45 EDT / DECEMBER 19 2019

SECURITY

MyKings cryptomining botnet hides code in Taylor Swift photo

A cryptomining botnet operator is using an image of Taylor Swift to infect computers, embedding the malicious code in the image itself.

The botnet, primarily known as MyKings although also known by some security firms as DarkCloud and Smominru, targets Windows-based servers.

Those servers host a variety of services, including MySQL, MS-SQL, Telnet, SSH, IPC, WMI and Remote Desktop. Once through the door, the botnet deploys various cryptocurrency mining apps on the infected system and then attempts to spread itself to other machines.

According to a report Wednesday from security researchers at Sophos Group plc, the botnet has been detected on 43,900 unique IP addresses, and that count includes only public IP addresses, not internal ones. The largest numbers of infections were found in China, Taiwan, Russia, Brazil, the U.S., India and Japan.

Botnets, particularly those designed for the purpose of cryptomining, are a dime a dozen in 2019, and MyKings itself isn’t new, having first been detected in 2017. But the unique use of Taylor Swift is where the story becomes newsworthy.

Those behind MyKings are using steganography, the practice of concealing one file inside another, in this case a picture of Swift. The use of steganography to hide malicious files in a celebrity picture isn’t new either: An attack in 2018 targeted PostgreSQL servers with a cryptominer hidden in a picture of Scarlett Johansson.

But the method is still fairly unusual. The idea of using a picture to hide code is that servers traditionally wouldn’t detect a picture file as malicious, increasing the chances of the cryptominer passing security checks and being installed.
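As an added illustration, not from the article or the Sophos report, here is a defender-side check for the simplest form of this trick: an executable appended to a JPEG after its end-of-image marker. The article does not say how MyKings embeds its code, so that placement is an assumption, and the sample bytes below are constructed.

```python
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA   # JPEG marker codes (each is preceded by 0xFF on disk)

def _segment(marker: int, payload: bytes) -> bytes:
    # Marker segment: FF xx, then a 2-byte big-endian length that counts itself plus the payload.
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed minimal JPEG: SOI, APP0, SOS with a few bytes of "entropy data", EOI.
# Real files carry more segments, but the marker structure and the FFD9 terminator are the same.
CLEAN_JPEG = (bytes([0xFF, SOI])
              + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
              + _segment(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\x56"
              + bytes([0xFF, EOI]))

# Constructed "stego" sample: the same picture with a fake PE executable appended after EOI.
APPENDED_PE = CLEAN_JPEG + b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00" + b"A" * 16


def jpeg_end_offset(data: bytes) -> int:
    """Walk the marker segments and return the offset just past EOI (the true end of the picture)."""
    if data[:2] != bytes([0xFF, SOI]):
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte: skip to the real marker
            pos += 1
            continue
        if marker == EOI:
            return pos + 2
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if marker == SOS:             # entropy-coded data follows; scan for the next real marker
            while pos + 1 < len(data):
                if data[pos] == 0xFF and data[pos + 1] not in (0x00, *range(0xD0, 0xD8)):
                    break             # neither a stuffed 00 nor an RSTn marker, so a segment marker
                pos += 1
    raise ValueError("EOI not found (truncated JPEG)")


def inspect_image(data: bytes) -> dict:
    """Flag bytes that survive past the picture. Any trailer merits a look; an MZ header there is a PE file."""
    trailer = data[jpeg_end_offset(data):]
    return {"trailing_bytes": len(trailer), "pe_in_trailer": trailer.startswith(b"MZ")}
```

Some cameras and editors do leave harmless trailing bytes, so treat a non-empty trailer as a lead and a PE header in it as a finding; payloads woven into the pixel data themselves need a different check.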

While the use of a Taylor Swift image may be shaking up the world of hacking to some degree, MyKings itself remains a serious risk to Windows computers and enterprise networks. Those behind the botnet are believed to have already earned about 9,000 Monero over its lifetime, with an estimated value of around $3 million. And the botnet continues to grow.

Photo: evarinaldiphotography/Flickr
