Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Hiding Malware Downloads in Taylor Swift Pics
#1
Quote:SophosLabs just published a new report on an intriguing but lesser-known part of the malware scene known as MyKings.

You probably haven’t heard of MyKings, mainly because it’s not ransomware and the gang isn’t currently slamming businesses up against the wall by demanding money, so it hasn’t made big enough waves to make the headlines. In simple terms, MyKings is all about illicit Monero cryptomining, and at the current low price of Monero, our researchers estimate that on some days the crooks are only making about $300. For all we know, MyKings might be little more than a sideline hobby for the people running it (albeit a hobby pulling in a quiet and untaxed $100,000 a year, of course). Compared to the multimillion dollar extortions that some cybercrime gangs are demanding for ransomware recovery, it’s easy to write off malware like MyKings as unimportant and therefore not worth trying to learn from. But that couldn’t be further from the truth, because the MyKings story gives a fascinating insight into a type of cybercrime that involves a huge amount of complexity, and has a surprising reach.

According to SophosLabs research, the MyKings crew :
  • Currently have about 45,000 infected computers in their Monero-mining botnet, up from about 35,000 a year ago.
  • Can upgrade their malware code on infected computers at will.
  • Are using surprisingly sophisticated ‘rootkit’ tricks to get kernel access and to avoid detection.
  • Also go after your local cryptocoin wallets.
  • Employ a ‘fileless’ password stealing tool to crack passwords and spread on your network.
  • Use the ETERNALBLUE exploit to spread.
  • Kill off numerous security products or stop them loading at all.
  • Get rid of rival cryptomining software and other programs of their choice.
  • Rewrite your firewall rules to keep rival crooks out.
  • Hide malware downloads inside innocent-looking images to complicate detection.


Read More...  https://nakedsecurity.sophos.com/2019/12...bs-report/
Reply




Users browsing this thread: 1 Guest(s)