As seen several times in recent years, crypto-mining malware can be embedded in unexpected carriers, as was the case with an audio file. Now it is the turn of photos: malware is hidden within images (steganography), as occurred with a photo of the singer Taylor Swift, through which Monero (XMR) is mined on the victims' machines.
The malware was discovered by the Sophos team, which reported the case and analysed it, uncovering interesting details about both the criminals behind the malware and the type of malware in question.
Behind the malware lies a criminal group known by several names (MyKings, DarkCloud or Smominru). Its botnet mainly targets Windows systems running various server services, such as MySQL, MS-SQL, Telnet, SSH, IPC, WMI, Remote Desktop (RDP) or even servers that manage closed-circuit cameras (CCTV).
The report also showed that this botnet has gained a foothold mainly in Asia, particularly in countries such as China, Taiwan and Japan, but also in Russia, Brazil, India and the US, so the network is very large.
In this case, the modified image of singer Taylor Swift was used to send instructions to infected machines and to deliver different versions of the miner for the Monero (XMR) cryptocurrency, the one that offers the greatest anonymity.
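The article does not say how the payload was placed inside the image, and the check below is an added example written for this page, not code from Sophos or from the article. It assumes one common way of "hiding malware in a picture": appending data after the JPEG end-of-image marker, so that image viewers render the photo normally while the trailing bytes go unnoticed. The scanner walks the real JPEG segment structure (instead of just searching for the last FF D9 bytes, which a payload could contain) and reports anything that follows the image. The two JPEG byte strings are constructed for the example and are not real photos; the appended `MZ` payload is a hypothetical placeholder.

```python
import struct

# Constructed minimal JPEG: SOI, a JFIF APP0 segment, a one-component SOS header,
# a few entropy-coded bytes (including a stuffed FF 00), then EOI. Not a real photo.
CLEAN_JPEG = (
    b"\xff\xd8"                                                   # SOI
    + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"  # APP0, length 16
    + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"                 # SOS, length 8
    + b"\x12\x34\xff\x00\x56"                                     # entropy-coded data
    + b"\xff\xd9"                                                 # EOI
)
# Hypothetical appended payload (placeholder bytes, not real malware).
FAKE_PAYLOAD = b"MZ\x90\x00hypothetical-appended-payload"
TRAILING_JPEG = CLEAN_JPEG + FAKE_PAYLOAD


def jpeg_end_offset(data: bytes) -> int:
    """Walk the JPEG segment structure and return the offset just past the EOI marker.

    Raises ValueError if the data is not a structurally valid JPEG.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos, n = 2, len(data)
    while pos < n:
        if data[pos] != 0xFF:
            raise ValueError("expected marker at offset %d" % pos)
        while pos < n and data[pos] == 0xFF:      # skip 0xFF fill bytes
            pos += 1
        if pos >= n:
            raise ValueError("truncated marker")
        marker = data[pos]
        pos += 1
        if marker == 0xD9:                        # EOI: image ends here
            return pos
        if 0xD0 <= marker <= 0xD7 or marker == 0x01:  # RSTn / TEM carry no length
            continue
        if pos + 2 > n:
            raise ValueError("truncated segment length")
        seglen = struct.unpack(">H", data[pos:pos + 2])[0]
        if seglen < 2:
            raise ValueError("bad segment length")
        pos += seglen
        if marker == 0xDA:
            # SOS: entropy-coded data follows. Skip bytes until a marker that is
            # neither a stuffed FF 00 nor an RSTn restart marker.
            while pos < n:
                if (data[pos] == 0xFF and pos + 1 < n
                        and data[pos + 1] != 0x00
                        and not (0xD0 <= data[pos + 1] <= 0xD7)):
                    break
                pos += 1
    raise ValueError("no EOI marker found")


def scan_image(data: bytes) -> dict:
    """Report whether bytes follow the JPEG image and what they look like."""
    end = jpeg_end_offset(data)
    trailer = data[end:]
    return {
        "image_bytes": end,
        "trailing_bytes": len(trailer),
        "suspicious": len(trailer) > 0,
        # A PE executable starts with the 'MZ' signature; a cheap but useful heuristic.
        "trailer_looks_like_pe": trailer.startswith(b"MZ"),
    }


if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_JPEG), ("with trailer", TRAILING_JPEG)):
        print(name, scan_image(blob))
```

Trailing bytes after EOI are an indicator, not proof: some cameras and editors leave benign padding, so in practice the finding should feed a closer look (hashing the trailer, checking it against known file signatures) rather than an automatic verdict.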
So far, this botnet has allowed the criminals to collect about 9000 XMR, although its value at the moment is not very high, since the price of one token is around $50.
This is in line with a recent report by Bitdefender, which pointed out that criminal attacks are becoming increasingly sophisticated and targeted, and that ever more security problems are expected in 2020.