Friday, December 20, 2019

Cryptocurrency Botnet Spreads Using Pictures Of Taylor Swift

An image of a pop star is certainly not an unexpected vector for malware. And that’s precisely what a cryptocurrency botnet is using to spread itself. The botnet goes by four known names: MyKingz, Smominru, or DarkCloud, and it spreads via an infected picture of Taylor Swift.

At first glance, the image looks like any other JPEG file, but buried within the innocent-looking image is an EXE file. UK cybersecurity firm Sophos says this process is called steganography. More often than not, the hidden EXE file will be a Trojan known as Forshare, which is usually used to ensure the embedded Monero cryptocurrency miners are running.
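A defender can check image files for this kind of hidden payload by looking for a Windows executable header inside them. The following is an added example, not code from Sophos or from this article; it assumes the EXE is stored as unencoded bytes inside the file (the article does not say how it is embedded), and the function names and sample data are constructed for illustration.

```python
import struct

JPEG_SOI = b"\xff\xd8"  # JPEG start-of-image marker
JPEG_EOI = b"\xff\xd9"  # JPEG end-of-image marker


def find_embedded_pe(data):
    """Return offsets of every plausible PE (EXE/DLL) header inside data."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        # e_lfanew, the offset of the "PE\0\0" signature, is a little-endian
        # uint32 stored at 0x3C in the DOS header.
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe_at = pos + e_lfanew
            # Reject stray "MZ" byte pairs: the pointer must be sane and hit "PE\0\0".
            if 0x40 <= e_lfanew <= 0x1000 and data[pe_at:pe_at + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits


def inspect_image(data):
    """Summarise whether a file that starts like a JPEG carries a PE header."""
    offsets = find_embedded_pe(data)
    return {
        "is_jpeg": data.startswith(JPEG_SOI),
        "pe_offsets": offsets,
        "suspicious": data.startswith(JPEG_SOI) and bool(offsets),
    }


def constructed_pe_stub():
    # Constructed sample: a bare DOS header plus PE signature, not a real binary.
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + b"\x00" * 20


# Constructed samples: a JPEG-like blob with stray "MZ" bytes, and one with a PE stub.
CLEAN = JPEG_SOI + b"\xff\xe0\x00\x10JFIF\x00" + b"MZ-not-a-header" * 8 + JPEG_EOI
INFECTED = JPEG_SOI + b"\xff\xe0\x00\x10JFIF\x00" + b"\x11" * 32 + constructed_pe_stub() + JPEG_EOI

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("infected", INFECTED)):
        print(name, inspect_image(blob))
```

A payload that is encrypted or encoded inside the image would not match this check, so a hit is a strong signal but a miss proves nothing.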

Those running the botnet have earned about 9000 XMR, which is estimated to be worth around US$3 million (~RM12.4 million). Even now, with the lower Monero exchange rate, the botnet’s income is about US$300 (~RM1242) a day.

Victims of the botnet are usually unpatched or underpatched Windows-based systems. The countries with the highest rate of infection include China, Taiwan, Russia, Brazil, the US, India and Japan. It serves as an important reminder to always keep your systems as up to date as you can.

(Source: Sophos via TNW)

The post Cryptocurrency Botnet Spreads Using Pictures Of Taylor Swift appeared first on Lowyat.NET.



from Lowyat.NET https://ift.tt/2MfHAu3
