The Botnet Dubbed MyKings Is Still Active

MyKings botnet appeared in the wild five years ago and is one of the most analyzed botnets in history.

A botnet is a collection of infected computers or other internet-connected devices that collaborate to carry out the same malicious acts, such as spam campaigns or distributed denial-of-service assaults. Online criminals can remotely manage the network to serve their own goals, allowing them to escape detection and legal prosecution by law enforcement agencies.

What Makes MyKings Botnet Special?

The MyKings botnet, also known as Smominru, is a mash-up of multiple security trends. The creators of MyKings have also experimented with steganography, a common technique used for hiding malware in a benign-looking picture.

The botnet was able to conceal its executable payload (in .exe format) behind pictures using steganography, hiding an .exe (an executable file) within a JPEG image file.

Because antivirus software only inspects the genuine JPEG image, the malicious .exe escapes detection; it self-executes and launches a cryptocurrency miner that generates Monero.
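As an added defensive check (example code, not from the article or from any vendor's analysis of MyKings): a small Python parser that walks a JPEG's segments to find the real End-Of-Image marker and reports anything appended after it. It assumes the hidden executable is stored as raw bytes following the image data, which the article does not specify; an encrypted payload would not show the "MZ" signature, so the trailing-byte count is the more reliable signal.

```python
"""Added example: flag JPEGs carrying data appended after the real End-Of-Image marker.
Assumption (not stated in the article): the hidden .exe is stored as raw bytes after the image."""
import struct

EOI, SOS = 0xD9, 0xDA
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))  # markers with no length field


def jpeg_image_end(data: bytes) -> int:
    """Offset just past the EOI marker, or -1 if the data is not a well-formed JPEG."""
    if data[:2] != b"\xff\xd8":
        return -1
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return -1
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte before a marker
            pos += 1
            continue
        if marker == EOI:
            return pos + 2
        if marker in STANDALONE:
            pos += 2
            continue
        if pos + 4 > len(data):
            return -1
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        pos += 2 + length
        if marker == SOS:  # skip entropy-coded scan: stuffed 0xFF00 and RSTn are not markers
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    return -1


def inspect_jpeg(data: bytes) -> dict:
    """Trailing byte count is the signal; an 'MZ' prefix only shows when the payload is unencrypted."""
    end = jpeg_image_end(data)
    trailing = data[end:] if end >= 0 else b""
    return {"well_formed": end >= 0, "trailing_bytes": len(trailing),
            "trailing_starts_with_mz": trailing[:2] == b"MZ"}


# Constructed minimal JPEG (SOI, JFIF APP0, SOS with a stuffed 0xFF00, EOI) and one with a fake PE stub appended.
CLEAN_JPEG = (b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
              + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00" + b"\x12\xff\x00\x34" + b"\xff\xd9")
SUSPICIOUS_JPEG = CLEAN_JPEG + b"MZ" + b"\x90" * 64
```

Run `inspect_jpeg` over image files arriving from untrusted sources and alert on any non-zero `trailing_bytes`; the segment walk (rather than a search for the last `FFD9`) avoids being fooled by embedded thumbnails inside APP segments.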

This botnet is particularly interesting for researchers as it uses a complex infrastructure alongside versatile features, like bootkits, miners, droppers, and clipboard stealers.

The researchers at Avast were the last ones to run an analysis on the botnet after

