Recently, security analysts discovered a very cheap but extremely notorious botnet behind the rampant hacking of crypto wallets. A Russian-made botnet costing as little as around $160 is being used to steal crypto coins from wallets across the world every year.
According to research conducted by Prevailion, a bargain Trojan malware named MasterMana Botnet was being used. It sends phishing emails with malicious code as an attachment in bulk to people dealing with cryptocurrencies. Once the email is opened, the attached code creates a backdoor on that particular device to drain the user’s wallets.
Prevailion’s intelligence director, Danny Adamitis, spoke about their findings in an interview:
“We assess that the Botnet was interacting with approximately 2,000 machines a week, or 72,000 machines over the course of 2019, based on the snapshot we observed.”
He also said,
“The cost for the threat actors to deploy and maintain the campaign was virtually nonexistent, the hackers would need to spend $60 on leasing a Virtual Private Server and $100 Trojan AZORult from Russia-based cyber-crime forums.”
The research also found evidence of one version of the campaign Trojanizing major Microsoft Office file formats, including Word, Excel, PowerPoint, and Publisher. Based on the tactics, techniques, and procedures used by the hackers to siphon money from the wallets, it is suspected that “Gorgon Group,” a hacking group that has been active for a very long time and has many such cybercrimes under its belt, is behind these attacks.
The analysis also revealed that the attackers deliberately avoided using popular Trojans; instead, they chose a slightly older version of the malware, which was still sophisticated enough to evade most security software.
Adamitis gave tips to avoid such theft,
“We recommended that cryptocurrency investors need to remain particularly vigilant in protecting their personal computer. Having two-factor authentication, such as a hardware token, is recommended when that option is available.”