A powerful botnet that mines crypto on victims’ networks is being spread using pictures of pop superstar Taylor Swift, cybersecurity experts have warned.
The Smominru botnet infects hardware and steals victims’ credentials, installs a Trojan module and a cryptominer, and propagates inside the network.
Now the hackers behind it are using pictures of Swift, who stars in the new Cats film, to spread the bug, according to cybersecurity firm Sophos.
In a blog post, Sophos’ Gabor Szappanos and Andrew Brandt state: “There’s a pretty good chance everyone who reads this story will have had some degree of interaction with a botnet we call MyKings (and others called DarkCloud or Smominru), whether you know it or not.
“For the past couple of years, this botnet has been a persistent source of nuisance-grade opportunistic attacks against the underpatched, low-hanging fruit of the internet. It’s probably knocking at your firewall right now.
“The botnet has begun to experiment with hiding malware payloads in plain sight, storing the file in an image using a process called steganography.
“In this sample image (the Taylor Swift image), a Windows malware executable (identifiable by its characteristic MZ header bytes and text) appears within the image data in a modified .jpg photo of Taylor Swift.
“MyKings’ operators uploaded this innocuous-looking image file to a public repository and then used it to deliver an update to the botnet.”
The botnet has spread throughout the world
During August, the Smominru botnet infected 90,000 machines around the world, with an infection rate of 4,700 machines per day. Countries with several thousands of infected machines include China, Taiwan, Russia, Brazil, and the US.
As the attacks were untargeted and did not discriminate against industries or targets, they reached victims in various sectors. The largest network belongs to a healthcare provider in Italy with a total of 65 infected hosts.
“Unfortunately, this demonstrates that while many companies spend money on expensive hardware, they are not taking basic security measures, such as patching their running operating system,” the report added.
Disclaimer: The views and opinions expressed by the author should not be considered as financial advice. We do not give advice on financial products.