An image of a pop star is certainly not an unexpected vector for malware. And that’s precisely what a cryptocurrency botnet is using to spread itself. The botnet goes by at least three known names: MyKingz, Smominru, and DarkCloud, and it spreads via an infected image of Taylor Swift.
At first glance, the image looks like any other JPEG file. But buried within it is an EXE file. UK cybersecurity firm Sophos says this process is called steganography. And more often than not, the hidden EXE file will be a Trojan known as Forshare. Forshare is usually used to ensure the embedded Monero cryptocurrency miners are running.
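A defender can look for this kind of file by scanning images for a structurally valid Windows executable header. The following is an added example, not code from Sophos or from this article; it assumes the hidden EXE is stored uncompressed and unencrypted inside the file, and the function names and sample bytes are constructed for illustration.

```python
import struct

JPEG_SOI = b"\xff\xd8"  # start-of-image marker every JPEG begins with

def find_embedded_pe(data):
    """Return offsets at which a structurally valid DOS/PE header starts."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            # e_lfanew: little-endian u32 at 0x3C of the DOS header, offset of "PE\0\0"
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe = pos + e_lfanew
            # "MZ" alone occurs by chance in compressed image data, so the PE
            # signature must also be where the DOS header says it is
            # (the 0x1000 upper bound is a heuristic chosen for this example).
            if 0x40 <= e_lfanew < 0x1000 and data[pe:pe + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def inspect_image(data):
    """Flag a file that starts like a JPEG but carries a PE header."""
    is_jpeg = data.startswith(JPEG_SOI)
    offsets = find_embedded_pe(data)
    return {"is_jpeg": is_jpeg, "pe_offsets": offsets,
            "suspicious": is_jpeg and bool(offsets)}

def _sample_pe_stub():
    # Constructed and non-executable: DOS header with e_lfanew=0x40, then "PE\0\0"
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + bytes(20)

# Constructed samples: a tiny JPEG-shaped file with a stray "MZ" in its scan
# data, and the same file with the stub appended after the end-of-image marker.
CLEAN_JPEG = (JPEG_SOI + b"\xff\xe0\x00\x10JFIF\x00" + bytes(9)
              + b"\xff\xda" + b"MZ" + bytes(80) + b"\xff\xd9")
CARRIER = CLEAN_JPEG + _sample_pe_stub()

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_JPEG), ("carrier", CARRIER)):
        print(name, inspect_image(blob))
```

A payload that is encrypted or encoded inside the image would not match this check, so it complements rather than replaces endpoint detection of the miner itself.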
Those running the botnet have earned about 9000 XMR, which is estimated to be worth around US$3 million (~RM12.4 million). Even now, with the lower Monero exchange rate, the botnet’s income is about US$300 (~RM1242) a day.
Victims of the botnet are usually unpatched or underpatched Windows-based systems. The countries with the highest rate of infection include China, Taiwan, Russia, Brazil, the US, India and Japan. It serves as an important reminder to always keep your systems as up to date as you can.