“MasterMana Botnet” continues to spread
The Russian botnet has infected more than 72,000 devices in 2019, stealing cryptocurrencies from hot wallets
Malware running wild on the Internet has become a common occurrence as cybersecurity researchers continue to discover new strains of these active online threats. Another recent discovery is the trojan malware called MasterMana Botnet. The Russian trojan is delivered as a phishing email scam, and once someone clicks on the email, the malicious code is activated, creating a backdoor to the hot crypto wallets of the client.
According to a recent report by cybersecurity management firm Prevailion, the trojan was still active as late as 24 September 2019. The malware operation, which began in December 2018, has affected more than 72,000 devices. Every time the price of cryptos rises, the threat of such nefarious activities grows as well.
Prevailion determined that the hackers were originally using Revenge RAT, a well-known remote access trojan (RAT) tool that is available online for free, but have now shifted to another well-known RAT, Azorult. The latter has been available for about $100 on certain forums, with an additional cost of $60 for a Virtual Private Server (VPS). Despite costing $160, the malware has achieved tremendous success.
Unfortunately, these incidents are neither few nor isolated. In a related incident, a Slovakia-based IT security company has discovered a banking trojan dubbed “Casbaneiro” or “Metamorfo”. The malware targets cryptocurrency services located in Brazil and Mexico.
The malware employs a social engineering method to spread and infect the target machines. It achieves this by displaying fake pop-up windows, where users are misled into entering sensitive information, which is eventually stolen.
The malware is typical of trojan malware affecting Latin American banking. It can take screenshots, simulate keyboard actions and capture keystrokes while restricting access to certain websites. In addition, the malware uses multiple cryptographic algorithms to protect its data and identity.
More recently, American Internet infrastructure firm Juniper Networks warned users of similar spyware called Masad Clipper and Stealer, which uses the Telegram app to replace crypto addresses with its own.
While big companies and corporations continue to worry about advanced actors, easy-to-deploy, tailor-made malware solutions like MasterMana can cause serious damage. Layered security solutions like properly configured firewalls, email protection, and endpoint antivirus solutions are their best bets against these threats.
Individual crypto asset owners should try to keep their holdings in cold wallets and employ additional security features like 2-factor authentication and updated antivirus on their systems. And one very simple tip to follow: NEVER open an email from an unknown source.