
A Crypto-Mining Botnet Uses Taylor Swift’s Image To Hide Malware Files

Last Updated: December 20, 2019

A cryptocurrency-mining botnet is infecting computers with the help of an image of Taylor Swift, in order to spread its malware as widely as possible.

The operators of MyKingz, also known as ‘Smominru,’ ‘DarkCloud,’ or ‘Hexmen,’ are leveraging steganography, a method that allows them to hide malicious files inside legitimate ones, according to U.K. cybersecurity firm Sophos.

The objective of using this method is to deceive security software running on enterprise networks. These security products will only see a host system downloading a harmless-looking JPEG file instead of a much more dangerous EXE file. In this case, the operators are hiding a malicious EXE inside a legitimate JPEG picture of Swift.
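One way a defender can check a downloaded JPEG for this kind of hidden payload, shown as an added example that is not code from Sophos or from the original article. It assumes the executable is stored unencoded somewhere in the image file's bytes (the article does not say how it is embedded); the function names and the sample buffers are constructed for illustration.

```python
import struct

JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image marker plus the next marker's 0xFF
PE_SIG = b"PE\x00\x00"       # signature that the DOS header's e_lfanew field points to

def find_embedded_pe(data: bytes) -> list[int]:
    """Return offsets of plausible Windows PE images inside a buffer that starts as a JPEG."""
    if not data.startswith(JPEG_SOI):
        return []  # not a JPEG by magic bytes; out of scope for this check
    hits = []
    pos = data.find(b"MZ", 2)
    while pos != -1:
        # "MZ" alone occurs by chance in compressed image data, so confirm it:
        # a DOS header is 64 bytes and holds e_lfanew at offset 0x3C.
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            sig = pos + e_lfanew
            # Heuristic bound (assumption): real PE files keep e_lfanew small.
            if 0x40 <= e_lfanew < 0x1000 and data[sig:sig + 4] == PE_SIG:
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def sample_pe_stub() -> bytes:
    """Constructed DOS header plus PE signature; not a working executable."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    return bytes(dos) + PE_SIG

def sample_jpeg() -> bytes:
    """Constructed JPEG-like buffer: SOI, APP0 segment, data with a stray 'MZ', EOI."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
    return b"\xff\xd8" + app0 + b"scanMZdata" + b"\xff\xd9"

if __name__ == "__main__":
    clean = sample_jpeg()
    carrier = clean + sample_pe_stub()   # PE stub placed after the image's end marker
    print("clean image  :", find_embedded_pe(clean))
    print("carrier image:", find_embedded_pe(carrier))
```

A hit means the file's content does not match its JPEG type and should be quarantined for analysis; a payload that is encrypted or encoded inside the image would not be caught by this check.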

“There’s a pretty good chance everyone who reads this story will have had some degree of interaction with a botnet we call MyKings (and others call DarkCloud or Smominru), whether you know it or not.

For the past couple of years, this botnet has been a constant source of nuisance-grade opportunistic attacks against the under-patched, low-hanging fruit of the internet. It’s probably knocking at your firewall right now. They certainly wouldn’t be the first,” Sophos said.

MyKingz was first found in the wild in 2017. It is now regarded as one of the largest cryptocurrency-mining malware operations.

The malware principally targets Windows systems, where its operators deploy various cryptocurrency-mining apps that generate profits using an infected device’s resources. It features one of the most advanced scanning and infection mechanisms seen in botnets. It targets almost everything, including Telnet, MySQL, WMI, MS-SQL, SSH, IPC, Remote Desktop (RDP), and even the servers that manage CCTV camera storage.

During its initial months, MyKingz reportedly infected over 525,000 Windows systems, earning its operators more than $2.3 million worth of Monero (XMR).

The nations with the highest number of infected hosts include Russia, China, Brazil, Taiwan, the U.S.A., Japan, and India.

It’s estimated that MyKingz infects about 4,700 new systems every day. The botnet’s total income is about $300 per day, mainly due to a reduction in Monero’s exchange rate, Sophos added.


About the Author: Editor's Desk
