
Nearly $25M stolen by long-running MyKings botnet


Operators of the long-running MyKings botnet have already raked in at least $24.7 million in multiple cryptocurrencies since 2019, according to ZDNet. Avast researchers found that most of the funds were stolen by MyKings, also known as Hexmen or Smominru, through the use of the clipboard stealer module, which could enable cryptocurrency wallet address swapping. Since last year, more than 144,000 computers have been protected by Avast from the clipboard stealer, which has been in use since 2018. An earlier Sophos report revealed that MyKings' clipboard stealer was a trojan that could track different coin wallet formats used in PCs. "This method relies on the practice that most (if not all) people don't type in the long wallet IDs rather store it somewhere and use the clipboard to copy it when they need it. Thus, when they would initiate a payment to a wallet, and copy the address to the clipboard, the Trojan quickly replaces it with the criminals' own wallet, and the payment is diverted to their account," said Sophos researchers.
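The address swap described above leaves a recognizable trace in clipboard history: one wallet address replaced almost immediately by a different address of the same format. The following is an added detection sketch, not code from Avast, Sophos or the article; the three address patterns, the `max_gap` threshold and the sample timeline are assumptions chosen for illustration.

```python
import re

# Illustrative subset of wallet address formats (assumption: the article names none).
WALLET_FORMATS = {
    "btc_legacy": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "btc_bech32": re.compile(r"bc1[ac-hj-np-z02-9]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def wallet_format(text):
    """Return the name of the wallet format the text matches, or None."""
    value = text.strip()
    for name, pattern in WALLET_FORMATS.items():
        if pattern.fullmatch(value):
            return name
    return None

def find_swaps(snapshots, max_gap=2.0):
    """Flag clipboard changes where one wallet address is replaced by a
    different address of the same format within max_gap seconds.

    snapshots: list of (timestamp_seconds, clipboard_text), oldest first.
    max_gap is a heuristic threshold (assumption), not a value from the article.
    """
    alerts = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        fmt = wallet_format(before)
        if (fmt is not None and fmt == wallet_format(after)
                and before.strip() != after.strip() and t1 - t0 <= max_gap):
            alerts.append({"time": t1, "format": fmt,
                           "copied": before.strip(), "now": after.strip()})
    return alerts

# Constructed sample timeline; the addresses are made-up strings that only
# satisfy the format patterns above.
SAMPLE = [
    (0.0, "invoice 4471"),
    (5.0, "0x" + "a1" * 20),   # user copies the payee address
    (5.3, "0x" + "b2" * 20),   # clipboard changes 0.3 s later, same format
    (60.0, "1" + "A" * 30),    # user copies a BTC-style address
    (95.0, "1" + "B" * 30),    # different address 35 s later: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

A short gap is only a heuristic: a user can legitimately copy two addresses in quick succession, so an alert is a prompt to compare the pasted address against the intended one before sending.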
