With millions of dollars of cryptocurrency slipped from crypto wallets every year, security researchers were surprised to find one active botnet being marketed for about $160.
The bargain Trojan malware is called MasterMana Botnet, which uses mass mailing to send phishing emails with appendages containing malicious code to crypto investors. Once someone clicks on the email, the code will create backdoors on their computer to unused their wallets, according to a recent research conducted by Prevailion.
“Based on what we’ve observed, the MasterMana Botnet had a worldwide impact on organizations across a wide variety of verticals,” Danny Adamitis, intelligence director at Prevailion, told CoinDesk.
“We assess that the Botnet was interacting with around 2,000 machines a week, or 72,000 machines over the course of 2019, based on the snapshot we observed,” Adamitis believed.
The research saw references in the code that indicated the threat actors could have Trojanized a version for the major Microsoft rank formats, including Word, Excel, PowerPoint and Publisher.
Based upon exhibited tactics, techniques, and procedures (TTPs), the researchers beget associated it with the “Gorgon Group”, a notorious hacker collective active for numerous years that has been recognized for cybercrime and intelligence operations
“The cost for the threat actors to deploy and maintain the campaign was virtually nonexistent,” Prevailion bring up in the research report. The hackers would need to spend $60 on leasing a Virtual Private Server and $100 Trojan AZORult from Russia-based cyber-crime forums, Prevailion said.
The scrutinize suggested the cost for earlier attacks could have been cheaper as they used a similar Trojan entitled Revenge Rat which had been free through Sept. 15.
A higher-than-average success rate for such attacks depends on the variant of the Trojan the hackers are using in the campaign.
“Based on the level of sophistication displayed in this campaign, we believe that the menace actors struck a sweet spot,” the report said.
In other words, the hackers stay under the radar by refrain froming popular commodity malware such as Emotet, while using a slightly older Trojan that is still soigne enough to evade most security software detection.
According to the research, the campaign was still active as late as Sept. 24 and it suspects that this detailed threat actor is likely to continue operations, as previous public reporting has not deterred them.
“We recommend that cryptocurrency investors sine qua non to remain particularly vigilant in protecting their personal computer. Having two factor authentication, such as a hardware nominal is recommended when that option is available,” Adamitis said.
Powered by WPeMatico