Topic: [BEWARE] MasterMana Botnet Malware Attack on Crypto Wallets

hero member
Activity: 750
Merit: 511
read the full email address of the sender.

That is the wrong advice if I understand you correctly.
How will this help in case of e-mail spoofing, when the sender can change the value of the 'sender' field to one that does not belong to him?
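Added example (not part of any post in this thread): because the visible From address can be forged, a receiver-side check compares it with Return-Path, Reply-To and the SPF/DKIM/DMARC verdicts recorded in Authentication-Results. The two messages and all names and domains in them are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; every name and domain is a placeholder.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=wallet.example.com
From: Wallet Support <support@wallet.example.com>
Reply-To: helpdesk@freemail.example
Subject: Invoice attached

See attachment.
"""
LEGIT = """\
Return-Path: <bounce@wallet.example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=wallet.example.com; dkim=pass header.d=wallet.example.com; dmarc=pass header.from=wallet.example.com
From: Wallet Support <support@wallet.example.com>
Subject: Monthly statement

Hello.
"""

def domain_of(header_value):
    """Domain part of the address in a header, lower-cased ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts. Only trust this header when it was
    added by your own receiving server; a sender can forge extra copies."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def sender_findings(raw):
    """Reasons the visible From address should not be taken at face value."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    findings = []
    dmarc = auth_results(msg).get("dmarc", "missing")
    if dmarc != "pass":
        findings.append(f"dmarc={dmarc} for From domain {from_dom}")
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(header))
        if dom and dom != from_dom and not dom.endswith("." + from_dom):
            findings.append(f"{header} domain {dom} differs from {from_dom}")
    return findings
```

An empty result means only that the headers are consistent; a message sent from a compromised or look-alike domain passes these checks.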
legendary
Activity: 2212
Merit: 7064
Common sense is the best defense here. Many anti-malware programs are trojans themselves. Even if an anti-malware program is legit, it's never guaranteed it will be able to protect you!
You are doing it well, maybe a little bit overkill with not even actually reading emails, but if you are using email software like Outlook or others it can protect you against 0-day exploits in email software.
In the end there is no limit to how secure you can be; you can always spend some extra time to do something in a more secure way. Laziness is the biggest enemy then :)

A good idea would also be NOT to use a single email service provider (for example Gmail)
but to use alternatives for work and crypto-related stuff (Tutanota, Mailfence...).
read the full email address of the sender.
And do not expose all your email addresses in public.
legendary
Activity: 2296
Merit: 1014
Did you know some program that blocks this kind of malware? I'm afraid that some of those programs are not what we think they are. It is hard to know if that email is safe or not, which is why I don't open the emails I receive. Until now, I have lots of emails that I received and haven't opened any of them except the important ones and the ones I know. @Op: thanks a lot for spreading this kind of malware and how it works.
Common sense is the best defense here. Many anti-malware programs are trojans themselves. Even if an anti-malware program is legit, it's never guaranteed it will be able to protect you!
You are doing it well, maybe a little bit overkill with not even actually reading emails, but if you are using email software like Outlook or others it can protect you against 0-day exploits in email software.
In the end there is no limit to how secure you can be; you can always spend some extra time to do something in a more secure way. Laziness is the biggest enemy then :)
hero member
Activity: 2268
Merit: 669
Pretty well designed attack. It's great you are spreading knowledge; even if warning about 1 trojan threat from 500 out there, it's spreading awareness about security.
Don't open unknown attachments or open/execute unknown files on your smartphone/PC.
This simple rule won't get you infected that easily. It will protect from around 95% of threats, I bet.
Did you know some program that blocks this kind of malware? I'm afraid that some of those programs are not what we think they are. It is hard to know if that email is safe or not, which is why I don't open the emails I receive. Until now, I have lots of emails that I received and haven't opened any of them except the important ones and the ones I know. @Op: thanks a lot for spreading this kind of malware and how it works.
legendary
Activity: 2296
Merit: 1014
As Prevailion Team reported,
MasterMana Trojan Malware uses mass phishing emails with malicious attachments sent to crypto investors.

Step 1 - Phishing E-Mails
Step 2 - Infected Document Attachments
Step 3 - Bitly Link Redirection to “TeamMana” Blogspot
Step 4 - Creating Scheduled Tasks and Registry Keys
Step 5 - Downloading and Loading the Trojan
Step 6 - Analysis of the Process Hollower and Trojan

Pretty well designed attack. It's great you are spreading knowledge; even if warning about 1 trojan threat from 500 out there, it's spreading awareness about security.
Don't open unknown attachments or open/execute unknown files on your smartphone/PC.
This simple rule won't get you infected that easily. It will protect from around 95% of threats, I bet.
legendary
Activity: 2212
Merit: 7064
As Prevailion Team reported,
MasterMana Trojan Malware uses mass phishing emails with malicious attachments sent to crypto investors.
When you click on the email, the code activates in the background and empties your wallets!

How do they scam people?

Quote
prevailion.com

Step 1 - Phishing E-Mails
Step 2 - Infected Document Attachments
Step 3 - Bitly Link Redirection to “TeamMana” Blogspot
Step 4 - Creating Scheduled Tasks and Registry Keys
Step 5 - Downloading and Loading the Trojan
Step 6 - Analysis of the Process Hollower and Trojan

For example, they sent malicious documents using free web mail accounts.
They then could have used an open-source project to generate a DDE payload
or macro and had the macro reach out to a Bitly link.
This link then resolved to a free Blogspot site, hosted by Google,
which redirected to various Pastebin sites. Finally, they used an older trojan
that likely cost approximately $100. Thus, the only real cost associated
with this particular campaign appears to be that of leasing the VPSs.
Source with more information:
https://blog.prevailion.com/2019/10/mastermana-botnet.html


Who is responsible?

It looks like the so-called Gorgon Group is responsible for this malware
https://attack.mitre.org/groups/G0078/

How to Protect yourself?

- Don't open emails and attachments from unknown people
- Always double check email sender and domain source
- [Learn about Phishing Protection] Play Phishing Quizzes - Beginners & Experts


+++

One more Crypto Malware Casbaneiro or Metamorfo that targets Crypto
https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/

Blacklisted scammer Bitcoin address:
18sn7w8ktbBNgsX8LeeeLMqKS84xMG54si
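
Added example (not code from this post or from the Prevailion report): a static triage of an OOXML attachment for the three things the quoted chain relies on, namely a DDE field, an embedded macro project and a Bitly link. It assumes a .docx/.docm-style zip container; the function names and the inert sample document are constructed for illustration, and legacy .doc files are out of scope.

```python
import io
import re
import zipfile

SHORTENERS = {"bit.ly"}  # the post names Bitly; extend per local policy
INSTR = re.compile(rb"<w:instrText[^>]*>(.*?)</w:instrText>", re.S)
SIMPLE = re.compile(rb'<w:fldSimple[^>]*\bw:instr="([^"]*)"')
URL = re.compile(rb"https?://([A-Za-z0-9.-]+)[^\s\"'<>]*")

def triage_ooxml(data):
    """Return (kind, detail) findings for an OOXML attachment given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.lower().endswith("vbaproject.bin"):
                findings.append(("macro", name))  # document carries VBA
                continue
            if not name.endswith((".xml", ".rels")):
                continue
            xml = zf.read(name)
            # Field codes can be split across runs, so join them before matching.
            instr = b"".join(INSTR.findall(xml)) + b" " + b" ".join(SIMPLE.findall(xml))
            if re.search(rb"\bDDE(AUTO)?\b", instr, re.I):
                findings.append(("dde-field", name))
            for m in URL.finditer(xml):
                if m.group(1).decode().lower() in SHORTENERS:
                    findings.append(("shortener-url", m.group(0).decode()))
    return findings

def build_sample(suspicious=True):
    """Constructed, inert test document; the field and link are placeholders."""
    body = "<w:document><w:t>hello</w:t></w:document>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if suspicious:
            body = ('<w:document><w:r><w:instrText>DDE</w:instrText></w:r>'
                    '<w:r><w:instrText>AUTO placeholder "constructed"'
                    '</w:instrText></w:r></w:document>')
            zf.writestr("word/_rels/document.xml.rels",
                        '<Relationships><Relationship TargetMode="External" '
                        'Target="https://bit.ly/constructed-placeholder"/>'
                        '</Relationships>')
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
        zf.writestr("word/document.xml", body)
    return buf.getvalue()
```

Any finding is a reason to quarantine the attachment for analysis rather than proof of malice; a clean result does not clear a file.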