The profits of the MyKings botnet operators since 2019 amounted to approximately $24.7 million.
Five years after its inception, the MyKings botnet (also known as Smominru or DarkCloud) is still actively spreading, allowing its developers to make huge amounts of money in cryptocurrency.
MyKings is a botnet known for its extensive infrastructure and versatile features including bootkits, miners, downloaders, clipboard hijackers, and more. The botnet uses a large number of cryptocurrency wallet addresses.
To protect the embedded wallet address from theft and analysis, the malware operators encrypt it using a simple ROT cipher. The latest samples show no noticeable updates to this functionality.
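Because a ROT cipher has only 26 possible shifts, an analyst can recover such addresses from strings extracted from a sample by trying every shift and keeping only results that pass an address checksum. The following is an added example, not code from Avast or from the malware. It assumes a letters-only rotation that preserves case and leaves digits alone, and Bitcoin-style Base58Check addresses; the page specifies neither. The test address is built from a constructed payload.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(raw: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()[:4]

def b58check_encode(version: int, payload: bytes) -> str:
    """Used only to build a constructed test address (no real wallet)."""
    raw = bytes([version]) + payload
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_valid(s: str) -> bool:
    """True if s is a 25-byte Base58Check value with a correct checksum."""
    if not 26 <= len(s) <= 35 or any(c not in B58 for c in s):
        return False
    n = 0
    for c in s:
        n = n * 58 + B58.index(c)
    pad = len(s) - len(s.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and checksum(raw[:-4]) == raw[-4:]

def rot(s: str, k: int) -> str:
    """Rotate ASCII letters by k, preserving case; other characters unchanged."""
    def shift(c):
        if "a" <= c <= "z":
            return chr((ord(c) - 97 + k) % 26 + 97)
        if "A" <= c <= "Z":
            return chr((ord(c) - 65 + k) % 26 + 65)
        return c
    return "".join(map(shift, s))

def recover_wallets(strings):
    """Return (original string, decoding shift, address) for every checksum-valid hit."""
    return [(s, k, rot(s, k)) for s in strings for k in range(26)
            if b58check_valid(rot(s, k))]

if __name__ == "__main__":
    addr = b58check_encode(0, bytes(range(1, 21)))   # constructed payload
    dump = ["C:\\Windows\\System32\\drivers\\etc", rot(addr, 7), "short"]  # constructed strings
    for s, k, a in recover_wallets(dump):
        print(f"{s!r} decodes with ROT{k} to {a}")
```

The checksum test is what keeps false positives out: a wrong shift yields a string that either contains non-Base58 characters or fails the 4-byte double-SHA-256 check.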
Avast has discovered a new monetization technique in which MyKings operators use the Steam gaming platform. The latest versions of the malware also have a new URL manipulation system in the clipboard stealer module, which the attackers created to intercept Steam trade transactions. The module changes the URL of the trade offer, allowing an attacker to steal valuable in-game items, etc.
Similar functionality was added for Yandex cloud storage, where MyKings manipulated URLs sent by users to their acquaintances. The modified links point to the addresses of Yandex storage containing RAR or ZIP archives named “Photos” that install copies of the MyKings malware on the victim’s system.