The MyKings botnet has been active and spreading since 2016. The botnet, also known as Smominru or DarkCloud, was most recently analyzed by Avast Threat Labs with 6,700 unique samples collected since the beginning of 2020. The research looked at the vast infrastructure of the botnet, which contains bootkits, miners, droppers, clipboard stealers, and more. To date, most attacks have been observed in Russia, India, and Pakistan.
The operators of the campaign have accumulated millions of dollars in Bitcoin, Ethereum, and Dogecoin accounts. Researchers used a script that queries the amount of cryptocurrency transferred through a crypto account and confirmed that more than $24,700,000 worth of cryptocurrencies was transferred through coin addresses linked to MyKings. However, since the botnet uses more than 20 cryptocurrencies in total, this amount is only a part of its total financial gains.
The MyKings malware has already spread to over 520,000 infections with what appears to be a constantly changing infection method. The size of the botnet continues to grow while still managing to remain hidden from law enforcement.
Quick detection and response are essential for organizations to combat these types of attacks. Using Managed Detection and Response (MDR) services, such as the Binary Defense MDR solution, enables organizations to recognize threats quickly, provides the ability to investigate incidents, and provides context by correlating seemingly unrelated indicators to see a coherent whole.