World's Largest Botnet Steals Millions of Dollars with a Simple Scam

Date: 2021-10-16

The world’s largest botnet, MyKings, is still running and, according to an Avast report, has accumulated at least US$ , 7 million (BRL 144, 8 thousand, at the current price) using its network of infected computers to mine cryptocurrencies.

The MyKings botnet, also known by the names Smominru and Hexmen, gained attention in 2017, when it infected over half a million Windows computers and used them to mine $2.3 million (approximately R$ 10, 5,000 at the current dollar-to-real exchange rate) of the Monero cryptocurrency in about a month.

However, a report released by Avast states that the botnet has already profited about US$ , 7 million (about R$ 134, 8,000, at the current price) using a trojan called the clipboard stealing module, created in 2017.

Basically, this malicious module detects when the user of an infected computer has copied a digital wallet address, and replaces the copied string with the address of a wallet controlled by the criminals.

The real effectiveness of the MyKings trojan horse

Amount of cryptocurrencies received by digital wallets connected to MyKings. (Image: Disclosure/Avast)

A Sophos report, published in 2018, found that the clipboard stealing module can recognize various types of digital wallet addresses, and that it is effective mainly because most people copy and paste wallet addresses, which are usually long, instead of typing them.

However, the Sophos report says it found no more than a few dollars in 49 digital wallets supposedly connected with MyKings, leading Sophos to suspect that cryptocurrency theft represents little profit for the botnet. At the time of the Sophos report, on the other hand, mining by compromised machines had generated just over US$ 12 thousand (approximately R$ 55 thousand, at the current price), giving the impression of yielding more to the criminals.

Avast’s report, released last Tuesday (24), argues however that the module is currently responsible for a good part of the criminals’ profits, with amounts in Bitcoin, Dogecoin and Ethereum being received by the wallets, which have gone from 49 in 2019 for more than 2017 in 518247.

As evidence that the module works, Avast cites “user comments” on Etherscan from people who claimed to have “accidentally” transferred amounts to some of the digital wallets found in the survey, and adds that its antivirus solutions have blocked the malicious module on more than 134 thousand computers since the beginning of 2020.

For security purposes, Avast advises users to always double-check the addresses of digital wallets when making transfers.
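The double-check Avast recommends can be automated. The following is an added example, not code from the Avast or Sophos reports: it compares the address the user intended to copy with what was actually pasted and flags the clipper pattern described above (same coin type, different address). The function names are hypothetical, the regular expressions are simplified address shapes without checksum validation, and the sample addresses are constructed.

```python
import re

# Simplified address shapes (assumption: common formats only, no checksum check).
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(
        r"[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71}"
    ),
    "dogecoin": re.compile(r"D[1-9A-HJ-NP-Za-km-z]{33}"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
}


def classify(text):
    """Return the coin name if the whole string looks like a wallet address."""
    candidate = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return coin
    return None


def normalize(coin, address):
    """Ethereum hex is case-insensitive apart from its optional checksum casing."""
    address = address.strip()
    return address.lower() if coin == "ethereum" else address


def check_paste(intended, pasted):
    """Compare the address the user meant to send to with the pasted value.

    Returns 'ok', 'swapped' (same coin type, different address: the
    clipboard-stealer pattern), 'changed' (pasted value is something else),
    or 'not-an-address' when the intended value is not a wallet address.
    """
    coin = classify(intended)
    if coin is None:
        return "not-an-address"
    pasted_coin = classify(pasted)
    if pasted_coin == coin:
        same = normalize(coin, intended) == normalize(coin, pasted)
        return "ok" if same else "swapped"
    return "changed"


# Constructed sample values (not real wallets, not checksum-valid).
ETH_INTENDED = "0x" + "ab" * 20
ETH_OTHER = "0x" + "cd" * 20
BTC_SAMPLE = "1" + "A" * 33
DOGE_SAMPLE = "D" + "B" * 33
```

A wallet front end or a transfer script can call `check_paste` on the value read back from the destination field before submitting a transaction and refuse to continue on `swapped` or `changed`.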

Source: ZDNET, Sophos, Avast

