Every year, millions of dollars of cryptocurrency stolen from crypto wallets. Security researchers were surprised to find one active botnet being run for just about $160.
The bargain Trojan malware is called MasterMana Botnet. It uses mass mailing to send phishing emails with attachments containing malicious code to crypto investors. Once someone clicks on the email, the code will create backdoors on their computer to empty their wallets.
72,000 machines over the course of 2019
Based on what we’ve observed, the MasterMana Botnet had a global impact on organizations across a wide variety of verticals. We assess that the Botnet was interacting with approximately 2,000 machines a week, or 72,000 machines over the course of 2019, based on the snapshot we observed.Danny Adamitis, intelligence director at Prevailion.
The research saw references in the code that indicated the threat actors could have Trojanized a version for the major Microsoft file formats, including Word, Excel, PowerPoint and Publisher.
Based upon exhibited tactics, techniques, and procedures (TTPs), the researchers have associated it with the “Gorgon Group”. A notorious hacker collective active for numerous years that has been known for cybercrime and intelligence operations.
Hackers need to spend only $160
“The cost for the threat actors to deploy and maintain the campaign was virtually nonexistent,” Prevailion said in the research report. The hackers would need to spend $60 on leasing a Virtual Private Server and $100 Trojan AZORult from Russia-based cyber-crime forums.
The research suggested the cost for earlier attacks could have been cheaper as they used a similar Trojan called Revenge Rat which had been free through Sept. 15.
In other words, the hackers stay under the radar by avoiding popular commodity malware such as Emotet. While using a slightly older Trojan that is still sophisticated enough to evade most security software detection.
We recommend that cryptocurrency investors need to remain particularly vigilant in protecting their personal computer. Having two factor authentication, such as a hardware token is recommended when that option is available.Adamitis said