
MyKings Botnet

Posted: December 19, 2019

The MyKings Botnet is a network of Trojans that hijacks vulnerable Windows servers and uses them for mining cryptocurrency. Infections usually include additional threats, such as the backdoor Trojan Forshare. Server administrators should strengthen their security practices for proactive protection and use anti-malware services to remove the MyKings Botnet's bots.

A Royal Sovereign over Monero Coins

The MyKings Botnet is a long-running, decentralized network of Trojans. While the end goal of a MyKings Botnet infection is little more than mining Monero, the botnet is notable for the depth of redundancy in its features. It also is an accurate illustration of how many botnets 'earn' their place on the Internet today: by grabbing the lowest-hanging fruit.

The MyKings Botnet spreads by targeting weakly-secured Windows servers. It searches for outdated software, exposed Remote Desktop (RDP) services, brute-forcible credentials and similar weaknesses, and it also targets dedicated CCTV hardware. Although malware experts have long rated the MyKings Botnet's activities as global, Asian nations are at high risk statistically. The countries with the highest infection rates include China, Russia and Taiwan.

The MyKings Botnet drops a variant of the backdoor Trojan Forshare, which runs the cryptocurrency-mining module. This activity lets 'zombie' servers in the botnet generate coins for the threat actors, potentially wearing out hardware or degrading performance in the process. Like many other threats, the MyKings Botnet also terminates and removes both competing Trojans and some AV solutions through a series of 'taskkill' commands and scheduled tasks.

Toppling the Throne of Illicitly-Gained Wealth

The MyKings Botnet is an open-source threat, but not due to any incompetence on its authors' parts. Its modifications over time show considerable competence and a willingness to experiment with different evasion methods, such as image-based steganography (as seen in Titanium, Okrum and others). It also can reinstall itself automatically, provided that core components such as the 'c3' batch file remain intact, so a cleanup that removes only the miner and leaves the persistence mechanisms in place is likely to be undone.
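The 'taskkill' commands and scheduled tasks described above, and the batch-file-driven reinstallation described here, both leave traces in the Task Scheduler. The following is an added example for this page, not MyKings code or any vendor's tool: it flags scheduled tasks whose actions match that pattern. The task objects are constructed sample data shaped like Get-ScheduledTask output (the task names are invented), and the patterns are assumptions about what such a task's command line looks like, not signatures taken from the article.

```powershell
# Added example (not MyKings code): flag scheduled tasks whose actions look like
# the taskkill / batch-file persistence pattern. Patterns are assumptions.
$SuspiciousPatterns = @(
    'taskkill',                              # killing AV or competing miners
    '\.bat(\s|"|$)',                         # batch-file persistence (e.g. a 'c3' batch file)
    'schtasks\s+/create',                    # a task that re-registers tasks
    '\\(Temp|ProgramData|Users\\Public)\\[^ ]*\.(exe|bat|vbs|ps1)'  # payloads run from writable paths
)

function Get-SuspiciousTasks {
    param(
        # Objects with TaskName, TaskPath and an Actions collection whose items
        # expose Execute and Arguments (the shape Get-ScheduledTask returns).
        [Parameter(Mandatory)] [object[]] $Tasks
    )
    foreach ($task in $Tasks) {
        foreach ($action in $task.Actions) {
            $cmdline = ("{0} {1}" -f $action.Execute, $action.Arguments).Trim()
            $hits = @($SuspiciousPatterns | Where-Object { $cmdline -imatch $_ })
            if ($hits.Count -gt 0) {
                [pscustomobject]@{
                    TaskName        = $task.TaskName
                    TaskPath        = $task.TaskPath
                    CommandLine     = $cmdline
                    MatchedPatterns = ($hits -join ' | ')
                }
            }
        }
    }
}

# Constructed sample tasks (names and paths invented for this example).
$SampleTasks = @(
    [pscustomobject]@{
        TaskName = 'SampleTask1'; TaskPath = '\'
        Actions  = @([pscustomobject]@{ Execute = 'cmd.exe'; Arguments = '/c C:\Windows\Temp\c3.bat' })
    },
    [pscustomobject]@{
        TaskName = 'SampleTask2'; TaskPath = '\'
        Actions  = @([pscustomobject]@{ Execute = 'cmd.exe'; Arguments = '/c taskkill /f /im competitor.exe' })
    },
    [pscustomobject]@{
        TaskName = 'SampleTask3'; TaskPath = '\Microsoft\Windows\Defrag\'
        Actions  = @([pscustomobject]@{ Execute = '%windir%\system32\defrag.exe'; Arguments = '-c -h -o -$' })
    }
)

# Against the constructed sample: the first two tasks are reported, the third is not.
Get-SuspiciousTasks -Tasks $SampleTasks | Format-Table -AutoSize

# Against the live system (Windows 8 / Server 2012 and later, run elevated):
# Get-SuspiciousTasks -Tasks (Get-ScheduledTask) | Format-Table -AutoSize
```

A hit is a lead, not a verdict: legitimate software occasionally runs batch files from ProgramData, so review the command line and the task's author and creation time before deleting it, and remember that removing the task without removing the batch file it runs leaves the reinstallation path intact.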

Server administrators should maintain all appropriate practices for limiting the spread of the Trojan network, such as:

  • Disabling Remote Desktop where it isn't needed, and protecting it with strong passwords where it is
  • Using credentials that aren't vulnerable to brute-force attacks (unlike, for example, 'admin123')
  • Installing security patches for server software as soon as possible
  • Operating under the principle of least privilege for user accounts
  • Conducting regular server audits
  • Storing backups in secure locations
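The first four items above can be checked mechanically. The following is an added example for this page, not code from the original article: it audits Remote Desktop exposure, the account lockout policy, patch age and local administrator membership on a Windows server and reports one finding per control. The registry paths and 'net accounts' labels are standard Windows ones; the thresholds (30 days since the last update, at most two local administrators) are assumptions chosen for the example. Audits and backups are procedural and are not covered by the script.

```powershell
# Added example (not from the original article): audit several of the controls
# listed above. Thresholds are assumptions; adjust them to local policy.

function Test-RemoteDesktop {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdp = Get-ItemProperty -Path $ts -Name fDenyTSConnections -ErrorAction SilentlyContinue
    $nla = Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication -ErrorAction SilentlyContinue
    $enabled = ($null -ne $rdp) -and ($rdp.fDenyTSConnections -eq 0)
    if (-not $enabled) { $status = 'OK: Remote Desktop disabled' }
    elseif ($nla -and $nla.UserAuthentication -eq 1) { $status = 'WARN: enabled with NLA; use strong passwords and restrict by firewall' }
    else { $status = 'FAIL: enabled without Network Level Authentication' }
    [pscustomobject]@{ Check = 'Remote Desktop'; Status = $status }
}

function Test-LockoutPolicy {
    # A lockout threshold of 'Never' allows unlimited password guesses.
    $line = net accounts | Where-Object { $_ -match '^Lockout threshold:' }
    if (-not $line) { $status = 'UNKNOWN: could not read policy (non-English locale?)' }
    else {
        $value  = ($line -split ':\s*', 2)[1].Trim()
        $status = if ($value -eq 'Never') { 'FAIL: no account lockout threshold' } else { "OK: lockout after $value failed logons" }
    }
    [pscustomobject]@{ Check = 'Account lockout'; Status = $status }
}

function Test-PatchAge {
    param([int] $MaxDays = 30)   # assumed threshold
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } |
              Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $latest) { $status = 'UNKNOWN: no hotfix history found' }
    else {
        $age    = (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days
        $detail = "last update $($latest.HotFixID) installed $age days ago"
        $status = if ($age -gt $MaxDays) { "FAIL: $detail" } else { "OK: $detail" }
    }
    [pscustomobject]@{ Check = 'Patch age'; Status = $status }
}

function Test-LocalAdmins {
    param([int] $MaxMembers = 2)   # assumed: built-in Administrator plus one managed account
    $members = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue)
    if ($members.Count -eq 0) { $status = 'UNKNOWN: could not enumerate group (run elevated)' }
    else {
        $names  = ($members | ForEach-Object { $_.Name }) -join ', '
        $detail = "$($members.Count) local admins: $names"
        $status = if ($members.Count -gt $MaxMembers) { "WARN: $detail" } else { "OK: $detail" }
    }
    [pscustomobject]@{ Check = 'Least privilege'; Status = $status }
}

# Run all checks and print one line per control.
$findings = @(Test-RemoteDesktop; Test-LockoutPolicy; Test-PatchAge; Test-LocalAdmins)
$findings | Format-Table -AutoSize
```

Run it from an elevated Windows PowerShell 5.1 (or later) session; Get-LocalGroupMember comes with the LocalAccounts module on Windows 10 / Server 2016 and newer, and the 'net accounts' parsing expects English output. A FAIL on the lockout or Remote Desktop line is exactly the condition the botnet's brute-forcing relies on.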

Most Windows anti-malware tools should detect and delete the MyKings Botnet's bot, the Forshare Trojan and the associated Monero miner automatically. However, keeping threat databases up to date is integral to accurately identifying regularly-updated and maintained threats like this one.

The MyKings Botnet makes its money – millions of dollars' worth – off the backs of those who neglect their servers' safety. Since inviting a Trojan in is much easier than getting it out again, one always should stop and reconsider before postponing an inconvenient update or a new password.
