“MasterMana Botnet” continues to spread

The Russian botnet has infected more than 72,000 devices in 2019 stealing cryptocurrencies from hot wallets

Faisal Khan
Oct 8, 2019 · 3 min read

The problem of malware running wild on the Internet has become a common occurrence as cybersecurity researchers continue to discover new strains of these active online threats. Another recent discovery is the Trojan malware called Botnet. The Russian trojan malware gets delivered as a phishing email scam and once someone clicks on the email, the malicious code gets activated creating a backdoor to the hot crypto wallets of the client.

According to the recent report by a Cybersecurity management firm Prevailion — the trojan was still active as late as 24 September 2019. The malware operation which began in December 2018 has affected more than 72,000 devices. Every time the price of cryptos rises, the threat of such nefarious activities grows as well.

Prevailion determined that hackers were originally using Revenge Rat — a well-known remote access trojan (RAT) tool, which is available online for free but have now shifted to another well-known RAT, . The latter has been available for about $100 on certain forums with an additional cost of $60 for a Virtual Private Server (VPS). Despite costing $160, the malware has achieved tremendous success.

Unfortunately, these incidents are not few & isolated. In a related incident, a Slovakia-based IT security company has discovered a banking trojan — dubbed as “” or “,” the malware targets cryptocurrency services located in Brazil and Mexico.

The malware employs a social engineering method to spread and infect the target machines. It achieves this by displaying fake pop-up windows, where users are misled into entering sensitive information, which is eventually stolen.

The malware is typical of trojan malware affecting Latin American banking. It can take screenshots, simulate keyboard actions & capture keystrokes while restricting access to certain websites. In addition, the malware uses multiple cryptographic algorithms to protect its data & identity.

More recently, Amerian Internet infrastructure firm Juniper Networks warned users of similar spyware called and , which uses the Telegram app to replace crypto addresses with its own.

While big Companies & Corporations continue to worry from advanced actors, easy to deploy tailor-made malware solutions like MasterMana can cause serious damage. Layered security solutions like properly configured firewalls, email protection, and end-point antivirus solutions are their best bets against these threats.

Individual Crypto asset owners should try to keep their holdings in cold wallets and employ additional security features like 2-factor authentication & & updated antivirus on their systems. And one very simple tip to follow, NEVER open an email from an unknown source.

Stay informed with the content that matters — Join my mailing list


Empowering you with Technical, Scientific & Financial knowledge

Faisal Khan

Written by

Content Specialist in Cryptocurrencies | Blockchain | Financial Markets | Technology | Future | Science | Space


Empowering you with Technical, Scientific & Financial knowledge

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade