Operators of the long-running MyKings botnet have already raked in at least $24.7 million in multiple cryptocurrencies since 2019, according to ZDNet
Avast researchers found that most of the funds were stolen by MyKings, also known as Hexmen or Smominru, through the use of the clipboard stealer module, which could enable cryptocurrency
wallet address swapping. Since last year, more than 144,000 computers have been protected by Avast from the clipboard stealer, which has been in use since 2018.
An earlier Sophos report revealed that MyKings' clipboard stealer was a trojan that could track different coin wallet formats used in PCs.
"This method relies on the practice that most (if not all) people don't type in the long wallet IDs rather store it somewhere and use the clipboard to copy it when they need it. Thus, when they would initiate a payment to a wallet, and copy the address to the clipboard, the Trojan quickly replaces it with the criminals' own wallet, and the payment is diverted to their account," said Sophos researchers.