MyKings Botnet Lurks Behind JPEG Images Of Taylor Swift
December 20, 2019

MyKings, a relentless crypto-mining botnet that has been active since 2016, lurks behind seemingly innocuous content such as JPEG images of Taylor Swift, according to a December 18 news release from Gabor Szappanos at SophosLabs.

While all “under patched, low-hanging fruit” on the internet, to use Sophos’ phrasing, has long been vulnerable to its attacks, the actors behind MyKings have allegedly added bootkit functionality recently, which makes the botnet all the more resistant to detection and effective removal.

SophosLabs’ report provides a full overview of the operations of the botnet, which Szappanos characterizes as a “relentlessly redundant, i.e. repetitive attacker” that mostly attacks Windows-based services hosting database management systems such as MySQL and MS-SQL, network protocols such as Telnet, and even servers running CCTV camera storage.

It has been reported that the botnet’s creators appear to prefer to use open source or other public domain software and are highly skilled at customizing and enhancing source code to insert custom components that can execute attacks and perform automated update processes.


The botnet launches a series of attacks against a server with the aim of delivering a malware executable, frequently a Trojan dubbed “Forshare,” which was found to be the most common payload on infected servers. 

Forshare is used to ensure that various Monero (XMR) crypto miners run on the targeted hardware, with SophosLabs estimating that the botnet operators have earned roughly $3 million in Monero to date. This translates into a current income of around $300 per day, due to the cryptocurrency’s recently lower relative valuation.

Moreover, in the studied example, an imperceptibly modified image of Taylor Swift, SophosLabs explains that the .jpg photo had been uploaded to a public repository, concealing within it an executable that would automatically update the botnet when downloaded.
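A defender can triage image files for this kind of concealed payload by looking for a Windows PE header inside data that claims to be a JPEG. The sketch below is an added example, not code from SophosLabs or from this article; it assumes the hidden executable is stored unencoded (the article does not say how it is concealed), and the sample bytes and function names are constructed for illustration.

```python
import struct

JPEG_SOI = b"\xff\xd8\xff"          # JPEG start-of-image marker
PE_SIG = b"PE\x00\x00"              # signature that e_lfanew must point at

def find_embedded_pe(data: bytes) -> list:
    """Return offsets of byte runs that parse as a DOS/PE header."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            # e_lfanew: little-endian u32 at MZ+0x3C giving the PE header offset
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe = pos + e_lfanew
            # The 0x1000 bound is a heuristic to discard random "MZ" bytes
            if 0 < e_lfanew < 0x1000 and data[pe:pe + 4] == PE_SIG:
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def triage(data: bytes) -> str:
    """Classify a file that is expected to be a JPEG image."""
    if not data.startswith(JPEG_SOI):
        return "not a JPEG"
    hits = find_embedded_pe(data)
    if hits:
        return f"suspicious: PE header at offset {hits[0]}"
    return "clean"

def constructed_pe_stub() -> bytes:
    """Constructed, non-functional header bytes: just enough to parse as PE."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + PE_SIG + b"\x4c\x01" + bytes(18)

# Constructed samples: a JPEG-like byte string that happens to contain "MZ"
# in its data, and the same bytes with a PE stub added after the image.
CLEAN_JPEG = (b"\xff\xd8\xff\xe0" + b"\x00\x10JFIF\x00" + bytes(9)
              + b"MZ-not-a-header" + bytes(64) + b"\xff\xd9")
TAINTED_JPEG = CLEAN_JPEG + constructed_pe_stub()

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_JPEG), ("tainted", TAINTED_JPEG)):
        print(name, "->", triage(blob))
```

A payload that is encrypted, compressed or otherwise encoded inside the image will not match this check, so it complements rather than replaces network and endpoint detection.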

SophosLabs’ research also reveals the sophisticated nature of MyKings’ persistence mechanism, which perpetuates itself through aggressive repetition and self-updating procedures using multiple command combinations.

SophosLabs described:

“Even if most of the components of the botnet are removed from the computer, the remaining ones have the capability to restore it to full strength simply by updating themselves. All of this is orchestrated using self-extracting RAR archives and Windows batch files.”

The report indicates that the countries with the highest number of infected hosts are currently China, Taiwan, Russia, Brazil, the United States, India, and Japan.

In November, the software available for download on Monero’s official website had been briefly compromised to steal cryptocurrency and drain users’ wallets.


In the same month, Eset, the Slovakian software security firm, revealed that cybercriminals operating a botnet known as Stantinko had been distributing a Monero cryptocurrency mining module through YouTube.


Crypto News Point, a news platform of Digital Notice Media Labs, is primarily a regular publication of information, commentary and articles focused extensively on fintech, blockchain technology, cryptocurrency, blockchain-based tokens, cryptocurrency market trends, and trading strategies. We do not provide individually tailored investment advice and do not take a subscriber’s or anyone’s circumstances into consideration when discussing investments, nor is Crypto News Point registered as an investment adviser or broker-dealer in any jurisdiction. Information contained herein is not an offer or solicitation to buy, hold, or sell any digital assets.


Ishita Bora

Ishita Bora is a Senior Content Creator at Digital Notice Media Labs with experience of 1.5 years. She has completed her Master's Degree in Language and Linguistics in 2019 from Gauhati University, India. Her interest lies in blockchain technology and cryptocurrency space. She loves writing about blockchain and other blockchain-related articles.