The MyKings botnet has been active and spreading since 2016. The botnet, also known as Smominru or DarkCloud, was most recently analyzed by Avast Threat Labs, based on 6,700 unique samples collected since the beginning of 2020. The research looked at the vast infrastructure of the botnet, which contains bootkits, miners, droppers, clipboard stealers, and more. To date, most attacks have been observed in Russia, India, and Pakistan.
The operators of the campaign have accumulated millions of dollars in Bitcoin, Ethereum, and Dogecoin accounts. Researchers used a script that queries the amount of cryptocurrency transferred through a crypto account and confirmed that more than $24,700,000 worth of cryptocurrencies was transferred through coin addresses linked to MyKings. However, since the botnet uses more than 20 cryptocurrencies in total, this amount is only a part of its total financial gains.