Hackers Using Taylor Swift Image to Embed Monero (XMR) Miner
Bad actors are now embedding malware from the MyKings Monero (XMR) mining botnet in JPEG images of pop singer Taylor Swift in a bid to conceal their cryptojacking activity on victims’ computers, according to a ZDNet report on December 19, 2019.
MyKings Monero (XMR) Miner on Rampage
Per sources close to the matter, the MyKingz botnet has existed since 2017 and has powered large cryptojacking operations, infecting a massive 525,000 Windows-based computers in the first few months after its launch and generating a whopping $2.3 million worth of monero (XMR) for its makers.
Also known as Smominru, DarkCloud, or Hexmen, the MyKings botnet reportedly installs various crypto mining apps on a victim’s computer once it gets into a system. It also features one of the most sophisticated and diversified internet scanning and infection mechanisms seen in malware botnets.
The Taylor Swift Connection
According to researchers, part of MyKings’ modus operandi is to stealthily search for ports or vulnerabilities in the host computer network, and it even targets applications such as MySQL and others.
Once the botnet finds a suitable host for its cryptojacking, it quickly works out a way to deploy its malware payloads on the system without being detected by the security software installed there.
In the latest instance, cybersecurity experts have revealed that the hackers in charge of MyKingz have now added steganography to their game, making it possible for them to embed malicious files inside clean ones.
“In this instance, hackers behind MyKingz are hiding a malicious executable file (EXE) inside a JPEG image of pop singer Taylor Swift,” declared the team.
This way, anti-malware and other security software installed on the victim’s computer will be tricked into believing that the host system is only downloading a harmless JPEG file, rather than malware.
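A defender-side check for the trick described above, as an added example that is not from the ZDNet report or the researchers: it scans a file that claims to be a JPEG for an unencoded Windows executable by validating the DOS header's pointer to the PE signature. The function names and the sample bytes are constructed for illustration.

```python
import struct

JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image marker plus the first segment byte
PE_SIG = b"PE\x00\x00"       # signature that begins the PE header


def find_embedded_pe(data: bytes) -> list[int]:
    """Return offsets of validated PE images inside a buffer that claims to be a JPEG."""
    if not data.startswith(JPEG_SOI):
        raise ValueError("not a JPEG: missing SOI marker")
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        # A bare "MZ" is common in compressed image data, so confirm it:
        # e_lfanew, a 32-bit little-endian field at 0x3C of the DOS header,
        # must point at the "PE\0\0" signature.
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe_at = pos + e_lfanew
            if data[pe_at:pe_at + 4] == PE_SIG:
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits


def constructed_samples():
    """Constructed test data: a JPEG skeleton and the same bytes plus a fake PE header stub."""
    jpeg = (
        b"\xff\xd8"                                        # SOI
        + b"\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 9        # APP0 segment
        + b"\xff\xfe\x00\x11" + b"MZ-not-a-header"         # COM segment with a decoy "MZ"
        + b"\xff\xd9"                                      # EOI
    )
    # 64-byte DOS header whose e_lfanew (0x40) points at a PE signature; not a runnable file.
    stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + PE_SIG
    return jpeg, jpeg + stub


if __name__ == "__main__":
    clean, tainted = constructed_samples()
    for name, blob in (("clean.jpg", clean), ("tainted.jpg", tainted)):
        offsets = find_embedded_pe(blob)
        print(name, "PE header at", offsets if offsets else "none")
```

A hit means the file carries an executable in plain form; a payload that is encoded or encrypted inside the image will not match and needs other signals.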