Concealed crypto mining, in which infected computers are made to compute hashes for coins that can be mined on ordinary CPUs, is using ever more ingenious methods to hide from security software. The latest trick involves a JPEG image of Taylor Swift carrying a Windows executable.
Sophos Labs Discovers Botnet in Taylor Swift JPEG
Analysis by Sophos Labs, the research arm of the security firm Sophos, shows attackers are now delivering a malicious Windows EXE inside what looks like an innocent JPEG image: the executable bytes are embedded in the image data of a modified .jpg photo, where a casual look, and many file-type checks, see only a picture. A popular, much-searched celebrity usually does the trick, and this time they chose American pop singer Taylor Swift.
More about #MyKings botnet…
In this sample image, a Windows malware executable (identifiable by its characteristic MZ header bytes and text) appears within the image data in a modified .jpg photo of Taylor Swift.
— SophosLabs (@SophosLabs) December 19, 2019
The activity is attributed to a group tracked as MyKings, whose botnet targets Windows machines. The same group has also hidden payloads inside WAV audio files using a similar technique.
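As an added example (not code from Sophos Labs or from the MyKings operators), the Python below walks a JPEG's marker structure to find where the picture really ends and then looks for a DOS "MZ" header whose e_lfanew field points at a valid "PE\0\0" signature, the pair of indicators the tweet above describes. The sample JPEG and the fake PE stub appended to it are constructed for the demonstration and are not real files; the function and variable names are this example's own.

```python
"""Detect a Windows PE executable hidden inside a JPEG file.

Added example, not SophosLabs' or MyKings' code. It walks the JPEG marker
structure to find where the real image ends, then looks for the linked
MZ/PE signatures. The sample JPEG and the fake PE stub are constructed.
"""
import struct
from typing import Dict, List, Optional, Tuple

SOI = b"\xff\xd8"
DOS_STUB_TEXT = b"This program cannot be run in DOS mode"


def jpeg_end_offset(data: bytes) -> Optional[int]:
    """Return the offset just past the EOI marker, or None if the marker
    structure is malformed. Bytes after that offset are not part of the image."""
    if not data.startswith(SOI):
        return None
    pos, n = 2, len(data)
    while pos + 2 <= n:
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        if marker == 0xFF:                              # fill byte, skip
            pos += 1
            continue
        if marker == 0xD9:                              # EOI: image ends here
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:    # TEM / RSTn carry no length
            pos += 2
            continue
        if pos + 4 > n:
            return None
        seg_len = struct.unpack_from(">H", data, pos + 2)[0]
        pos += 2 + seg_len
        if marker == 0xDA:                              # SOS: entropy-coded data follows
            # Skip until a marker that is neither a stuffed 0xFF00 nor RSTn.
            while pos + 1 < n:
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
                    break
                pos += 1
    return None


def find_embedded_pe(data: bytes) -> List[Tuple[int, int]]:
    """Return (offset, machine) for every 'MZ' header whose e_lfanew points at
    a valid 'PE\\0\\0' signature. A bare 'MZ' in pixel data is noise; the two
    linked signatures are what identify an executable."""
    hits = []
    start = 0
    while True:
        i = data.find(b"MZ", start)
        if i < 0:
            break
        if i + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, i + 0x3C)[0]
            pe = i + e_lfanew
            if e_lfanew >= 0x40 and pe + 6 <= len(data) and data[pe:pe + 4] == b"PE\x00\x00":
                machine = struct.unpack_from("<H", data, pe + 4)[0]   # COFF Machine field
                hits.append((i, machine))
        start = i + 1
    return hits


def analyze_jpeg(data: bytes) -> Dict[str, object]:
    """Summarise the indicators: where the image ends, how many bytes trail it,
    any linked MZ/PE headers, and whether the classic DOS stub text is present."""
    end = jpeg_end_offset(data)
    return {
        "jpeg_end": end,
        "trailing_bytes": None if end is None else len(data) - end,
        "pe_hits": find_embedded_pe(data),
        "dos_stub_text": DOS_STUB_TEXT in data,
    }


# --- constructed sample data (not a real photo and not real malware) ---
CLEAN_JPEG = (
    SOI
    + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"  # APP0, length 16
    + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"                     # SOS, length 8
    + b"\x12\x34\x56\x78"                                             # entropy-coded data
    + b"\xff\xd9"                                                     # EOI
)

FAKE_PE = (
    b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", 0x40)            # DOS header, e_lfanew = 0x40
    + b"PE\x00\x00" + struct.pack("<H", 0x8664) + b"\x00" * 18        # COFF header, Machine = AMD64
    + DOS_STUB_TEXT
)

TROJANIZED_JPEG = CLEAN_JPEG + FAKE_PE

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_JPEG), ("trojanized", TROJANIZED_JPEG)):
        print(name, analyze_jpeg(blob))
```

Two indicators are reported because they fail differently: an operator who XOR-encodes the appended executable defeats the MZ/PE signature check, but the non-zero trailing_bytes count past the EOI marker still shows that the file carries something a viewer will never render. Neither check proves the image is malicious on its own; they are a reason to pull the file apart.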
The discovery shows concealed mining is not going away. Still, Kaspersky's latest threat reports indicate mining malware is slowing down, while ransomware and sextortion scams have increased over the past months.
Concealed Mining Continues, with Lower Asset Prices
One reason for the reduced use of mining botnets is the sliding price of most crypto assets. Even Monero (XMR), the coin most commonly mined by botnets because it can be mined on ordinary CPUs, has fallen significantly, to below $50. Other CPU-mineable coins are worth even less.
Additionally, Monero has changed its proof-of-work algorithm to RandomX, which forces operators to update the mining software on their infected hosts before those hosts earn anything again. RandomX is designed for CPUs, so it remains mineable on ordinary PCs (and, less efficiently, on GPUs).
The current threat affects Windows-based servers, and Sophos Labs has discovered different attempts to inject malicious code disguised as…