
MyKingz Using Taylor Swift Image to Spread

The prolific mining botnet MyKingz has begun using an interesting and funny technique to hide its malicious payloads. By embedding the executable inside JPEG images of Taylor Swift, the malware attempts to evade detection products. While this isn’t a huge risk on its own, it adds to the growing problem of MyKingz, which earns an estimated profit of $300 per day.
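As an added defender-side example (not code from the original post or from any MyKingz analysis), the following Python checks whether a JPEG carries a Windows executable after its End-Of-Image marker. It assumes the common appended-payload layout, since the post does not say how the images were built, and the sample bytes are constructed inline rather than taken from a real image or binary.

```python
import struct

# Constructed sample data (not a real image or executable): a minimal JPEG
# skeleton (SOI, one APP0 segment, EOI) and a fake DOS/PE stub appended after
# the End-Of-Image marker, which is the appended-payload layout assumed here.
SOI, EOI = b"\xff\xd8", b"\xff\xd9"
CLEAN_JPEG = SOI + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + b"\x00" * 9 + EOI
FAKE_PE = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64) + b"PE\x00\x00" + b"\x00" * 16
TROJANIZED_JPEG = CLEAN_JPEG + FAKE_PE


def jpeg_trailer(data: bytes) -> bytes:
    """Walk the JPEG segment chain and return every byte after the real EOI."""
    # Segment lengths are honoured instead of searching for FF D9 from the end,
    # so a payload that happens to contain FF D9 cannot mask where the image ends.
    if not data.startswith(SOI):
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"corrupt segment header at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                                    # EOI: image ends here
            return data[pos + 2:]
        if marker in range(0xD0, 0xD9) or marker == 0x01:     # RSTn/SOI/TEM: no length
            pos += 2
            continue
        pos += 2 + struct.unpack_from(">H", data, pos + 2)[0]
        if marker == 0xDA:                                    # SOS: skip entropy-coded data
            while pos + 1 < len(data) and not (
                data[pos] == 0xFF and data[pos + 1] not in (0x00, *range(0xD0, 0xD8))):
                pos += 1
    raise ValueError("truncated JPEG: no EOI marker found")


def find_embedded_pe(blob: bytes):
    """Return (mz_offset, pe_offset) for the first MZ stub whose e_lfanew hits 'PE\\0\\0'."""
    idx = blob.find(b"MZ")
    while idx != -1:
        if idx + 0x40 <= len(blob):
            pe = idx + struct.unpack_from("<I", blob, idx + 0x3C)[0]
            if blob[pe:pe + 4] == b"PE\x00\x00":
                return idx, pe
        idx = blob.find(b"MZ", idx + 1)
    return None


def scan_jpeg(data: bytes) -> dict:
    """Flag a JPEG that carries a PE executable after its EOI marker."""
    trailer = jpeg_trailer(data)
    hit = find_embedded_pe(trailer)
    return {"trailer_bytes": len(trailer), "pe": hit, "suspicious": hit is not None}
```

Running `scan_jpeg` over files written by a web proxy or mail gateway gives a cheap triage signal; a non-empty trailer without a PE header is worth a look too, since other payload formats can be appended the same way.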

Analyst Notes

MyKingz’ primary means of lateral movement is EternalBlue. Additionally, MyKingz brute-forces weak passwords to gain access to vulnerable systems. Patching systems for MS17-010 and using strong passwords will protect systems from the MyKingz botnet. If patches cannot be applied in a timely manner, making sure that port 445 is inaccessible from the internet is a quick fix for the issue as well.