• Subsequently, cybercriminals added support for the EternalBlue exploit into newer versions of MyKings. This functionality is not integrated into the spreader program, but exists as a separate executable, converted from Python scripts, that is downloaded and executed by the main spreader program.  

Global prevalence and characteristics  

As indicated in the MyKings report, the worldwide activity map includes approximately 45,000 impacted hosts. The top countries include China, Taiwan, Russia, Brazil, United States, India, and Japan.

Other key findings:

  • The botnet can spread by attacking weak username/password combinations via MySQL, MSSQL, Telnet, SSH, IPC, WMI, RDP, and CCTV connections
  • The main payloads are the Forshare trojan and various Monero cryptominers
  • The botnet still mines about 5 XMR ($300) per day

Advice for defenders 

  • Keep computers up-to-date with security patches. MyKings uses EternalBlue, which was patched two years ago
  • Change default passwords and apply strong, unique passwords. MyKings uses known weak passwords to attack web services 
  • Do not expose Server Message Block (SMB), Remote Desktop Protocol (RDP) and similar remote access services to the Internet 
  • Use up-to-date security software
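
An added example (not from the article or the report it summarizes): a Python check for a Linux host that parses `ss -tlnH` output and flags listeners for the services named above that are bound beyond loopback. The port numbers are standard defaults assumed here (CCTV has no single default port and is left out), and the sample listing is constructed.

```python
import ipaddress

# Default TCP ports for the services the article lists as MyKings targets.
# The port numbers are standard defaults (an assumption), not from the article.
TARGETED = {22: "SSH", 23: "Telnet", 135: "WMI/RPC", 445: "SMB/IPC",
            1433: "MSSQL", 3306: "MySQL", 3389: "RDP"}

# Constructed sample of `ss -tlnH` output (Linux); not from a real host.
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 50 *:445 *:*
LISTEN 0 128 [::]:3389 [::]:*
LISTEN 0 128 [::1]:1433 [::]:*
LISTEN 0 128 10.0.0.5:23 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
"""

def split_local(field):
    """Split an ss local-address field into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    return host, int(port)

def reachable_scope(host):
    """Classify a bind address as 'loopback', 'any' or 'specific'."""
    if host in ("*", "0.0.0.0", "::"):
        return "any"
    return "loopback" if ipaddress.ip_address(host).is_loopback else "specific"

def audit(ss_output):
    """Return (service, port, bind, scope) for targeted services not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # skip blank or unexpected lines
        host, port = split_local(cols[3])
        scope = reachable_scope(host)
        if port in TARGETED and scope != "loopback":
            findings.append((TARGETED[port], port, host, scope))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    for service, port, host, scope in audit(SAMPLE):
        print(f"{service} on {host}:{port} listens beyond loopback ({scope})")
```

A flagged listener is a prompt to review firewall and network placement for that service; a wildcard bind alone does not prove the port is reachable from the Internet.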