A photo of Taylor Swift hiding a malicious crypto-mining code

The MyKings encryption botnet hides the code in Taylor Swift’s photo


     A crypto mining botnet operator uses a Taylor Swift image to infect computers, embedding the malicious code in the image itself.

     The botnet, mainly known as MyKings, although also known by some security companies such as DarkCloud and Smominru, targets Windows servers.

     Attacks by MyKings botnet operators follow a predictable pattern: the botnet attempts various attacks against a server. Unpatched or inadequately patched Windows servers can be vulnerable to a wide range of attacks, the aim of which is to deliver a malware executable, most often a Trojan named Forshare.

     These servers host a variety of services, including MySQL, MS-SQL, Telnet, ssh, IPC, WMI, and Remote Desktop. Once passed, the botnet deploys various applications to extract crypto-money from the infected system before attempting to spread to others.

     This has allowed the botnet to grow very quickly. In its first few months of existence, MyKingz reportedly infected more than 525,000 Windows systems, earning its creators more than $2.3 million in Monero (XMR).

     As the MyKingz gang is also a big fan of the EternalBlue exploit, the botnet is buried deep in corporate networks, and its estimated size of half a million bots is probably much larger.

          The image of TAYLOR SWIFT

     The latest development in the way these botnet works was spotted this month by British security company Sophos. The change isn’t a big problem in the grand scheme of things, but it’s both interesting and fun.


     Since MyKingz’s Internet scanning module identifies vulnerable hosts and gains a foothold on infected computers, they need a way to deploy various malware payloads on hacked systems.

          Sophos Labs discovers a Botnet in a JPEG image from Taylor Swift

     Analysis from Sophos Labs, a digital security company, shows that hackers are now trying to infect computers by hiding a malicious EXE file inside what looks like an innocent JPEG image.

     Usually, a popular and much sought-after celebrity does the trick, and this time they’ve chosen American pop singer Taylor Swift.

     According to Sophos, the MyKings team is now experimenting with steganography, a technique that allows them to hide malicious files inside legitimate files.

     The purpose of using this technique is to trick security software running on corporate networks.

     These security products will only see a host system download a banal JPEG file, rather than a very dangerous EXE file.

     MyKings is not, by any chance, the first malware gang to use steganography or celebrity images. 

     Last year, another malware gang used an image of the actress Scarlett Johansson to deploy malware on hacked PostgreSQL databases.

     The MyKings botnet is also one of the most relentless, constantly reappearing and targeting vulnerable Windows machines. 

     It is considered one of the most persistent and large-scale security threats against the operating system, exploiting almost every potential vulnerability opening.

     Hidden exploration is more difficult to catch, compared to the once widespread browser exploration. Botnets have been found to affect servers and computers even at institutions such as CERN. 

     Malicious malware is becoming increasingly difficult to detect as it more effectively hides its business processes. For consumer electronics, it is not so easily hidden and can be extremely damaging.