Gorgon Group Unleashes MasterMana Botnet to Steal Crypto Assets from Wallets
A new botnet, dubbed the MasterMana Botnet, is making waves with its sophisticated yet cheap and straightforward design. It was built to steal personal information and cryptocurrency, using a phishing scheme to gain access to victims' systems. MasterMana is suspected to be the work of the cybercriminal organization known as the Gorgon Group.
Cybercriminals are always an interesting subject. A century ago, no one could have conceived of something like the Internet. Twenty years ago, things like cryptocurrencies were simply nonexistent.
Now, we’re in an era where the Internet is a necessity for day-to-day life, and cybercriminals are a constant threat to your finances, personal information, and even your identity. It’s worth more, and at the same time far, far less, than what you would imagine.
Cybersecurity researchers have traced MasterMana back to at least December 2018. They suspect it is financially motivated because of the indiscriminate way it targets business email accounts, and the attackers showed a specific intent to find cryptocurrency wallets.
It starts with a phishing email. That email carries a malicious document, and opening it triggers a multi-stage payload, split into layers to hinder identification and analysis. The campaign further avoids detection by using trusted third-party services to deliver its code.
Common data-sharing platforms such as Bitly, Blogspot, and Pastebin are used to host and download the successive pieces of malicious code. Attackers usually host such payloads on their own domains, which makes the infrastructure comparatively easy to track and block.
Removing that weak point makes the MasterMana botnet all the more dangerous. The chain of downloads ultimately culminates in a malicious .NET DLL that creates a backdoor into the system. The first attacks used RevengeRAT, a free Remote Access Trojan, but as the campaign went on the operators switched to Azorult, another well-known trojan.
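The delivery chain described above (an Office document that fetches its next stages from public sharing services rather than attacker-owned domains) is something a defender can look for in endpoint or proxy telemetry, because word processors almost never have a legitimate reason to pull executable content from a paste site or URL shortener. The following is an added example, not code from the article or from the researchers who tracked MasterMana: it parses a constructed CSV log of outbound HTTP requests (the column layout and every sample line are invented for illustration) and flags Office processes contacting the services the article names, escalating when the fetched path looks like a DLL or executable. The domain list and the choice of process names are assumptions, and in a real deployment both would be tuned to the organization's telemetry.

```python
"""
Detection sketch: Office processes fetching staged payloads from public
sharing services (Bitly, Blogspot, Pastebin), as in the MasterMana chain.

Added example; the log format, sample rows and thresholds are constructed
for illustration and are not taken from the original article.
"""
import csv
import io
from urllib.parse import urlsplit

# Services the article names as delivery channels (assumption: matched on
# the host suffix so subdomains such as <name>.blogspot.com are covered).
STAGING_DOMAINS = ("bit.ly", "bitly.com", "blogspot.com", "pastebin.com")

# Document-handling processes that should not be fetching executable content.
OFFICE_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed sample telemetry (not real data): one outbound request per line.
SAMPLE_LOG = """\
ts,host,process,url
2019-09-03T09:14:02Z,ws-17,winword.exe,https://pastebin.com/raw/constructedid1
2019-09-03T09:14:03Z,ws-17,winword.exe,https://bit.ly/constructedlink
2019-09-03T09:14:05Z,ws-17,winword.exe,https://example-blog.blogspot.com/stage2.txt
2019-09-03T09:14:09Z,ws-17,winword.exe,https://pastebin.com/raw/constructedid2/payload.dll
2019-09-03T09:20:11Z,ws-22,chrome.exe,https://pastebin.com/raw/someuserpaste
2019-09-03T09:21:40Z,ws-22,excel.exe,https://intranet.example.internal/report.xlsx
"""


def _staging_domain(url):
    """Return the staging domain that url's host matches, or None."""
    hostname = (urlsplit(url).hostname or "").lower()
    for domain in STAGING_DOMAINS:
        if hostname == domain or hostname.endswith("." + domain):
            return domain
    return None


def _is_executable_path(url):
    """True when the URL path ends in an extension Windows will load or run."""
    return urlsplit(url).path.lower().endswith((".dll", ".exe", ".scr"))


def detect_staged_downloads(log_text):
    """Flag Office processes contacting staging services; one finding per request."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        process = row["process"].lower()
        if process not in OFFICE_PROCESSES:
            continue  # browsers and other clients legitimately use these sites
        domain = _staging_domain(row["url"])
        if domain is None:
            continue  # internal or unrelated destination
        findings.append({
            "ts": row["ts"],
            "host": row["host"],
            "process": process,
            "url": row["url"],
            "staging_domain": domain,
            # A DLL/EXE fetched by a word processor is the end of the chain.
            "severity": "high" if _is_executable_path(row["url"]) else "medium",
        })
    return findings


def summarize_by_host(findings):
    """Group findings per endpoint so a multi-service chain stands out."""
    summary = {}
    for finding in findings:
        entry = summary.setdefault(finding["host"], {
            "events": 0, "domains": set(), "executable_fetch": False})
        entry["events"] += 1
        entry["domains"].add(finding["staging_domain"])
        entry["executable_fetch"] |= finding["severity"] == "high"
    for entry in summary.values():
        # Assumed rule: two or more distinct staging services, or any
        # executable fetch, from an Office process looks like staged delivery.
        chained = len(entry["domains"]) >= 2 or entry["executable_fetch"]
        entry["verdict"] = "likely staged delivery" if chained else "review"
    return summary


if __name__ == "__main__":
    for host, entry in summarize_by_host(detect_staged_downloads(SAMPLE_LOG)).items():
        print(host, entry["verdict"], sorted(entry["domains"]), entry["executable_fetch"])
```

The per-request findings are what an analyst would pivot on; the per-host summary is what turns three individually low-confidence paste-site fetches into one high-confidence alert, which is the point of looking at the chain rather than at single requests.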
Azorult is itself a powerful trojan, designed to steal usernames, passwords, browsing history, cookies, and even cryptocurrency wallets. It can upload and download files on the infected system, take screenshots, and enumerate the system.
That foothold, in turn, leaves the system open to further compromise: cryptominers and ransomware are just two of the payloads the attackers can choose to drop on it.
Guerrilla Warfare’s New Front
The most staggering fact about all this isn't the code itself, sophisticated as it is. It isn't even the risk of financial loss, considerable as that is. It's the price tag on an operation like this. Vast sums are spent every year by major companies to keep their sensitive data secure, and billions of dollars of research, development, and hard work have gone into the cybersecurity sector.
This attack operates on an estimated $160 in its entirety.
With a single virtual private server and free online services like Pastebin, these criminals managed to thwart a billion-dollar industry. They achieved this simply by building something that kept them ahead for a while. As time goes on, this attack will doubtless become less and less effective, but it shows how cheaply you can operate if you know what you're doing.
For the sake of your safety, please be suspicious of any and all files attached to emails. Be aware that these things need only one lapse of attention to get into your system. Keep your security software up to date, and above all, be safe.