Cryptocurrency botnets are currently dangerous threats imposed on internet users. One such botnet, MyKingz, also known as Smominru, Darkcloud, etc are using image of singer Taylor Swift, in order to hide their malware payloads. MyKingz is coined many names by different security agencies, but irrespective of the names, the function is more or less the same, that is, attacking Windows OS based devices. MyKingz has already infected more than 525,000 Windows devices, extracting more than $2.3 million worth of monero. The botnets install various cryptocurrency mining apps camouflaged as a harmless image or GIF or something like that.
MyKingz cryptocurrency botnet was first discovered by data security scientists in 2017. Presently, it is the most notorious and maliciocious crypto-mining malware circulating in the internet. It deploys a very efficient and robust scanning infection mechanism, which is very hard to detect. It can attack a plethora of systems and technologies, from Telnet to SSH, RDP to IPC. WMI, etc.
Now, coming to the Taylor Swift image issue, MyKingz has adopted an interesting and unconventional take on its existing scheme of cryptocurrency extraction. It has hidden a malicious .exe file inside the image file of Taylor Swift. This process is called steganography. It misleads the security software into believing that the user has downloaded a JPEG image file, whereas, in reality, the user has downloaded a harmful .exe file. MyKingz is not the first botnet to deploy steganography, but because of its notoriety, the concern is huge. If your device has been left unpatched or have unprotected ports, then it is likely to be attacked by this botnet.
You can check out the official report here