Prevention measures include not opening emails from strangers and protecting wallets with two-factor authentication.
Cybersecurity researchers are alerting the crypto community to a Trojan that takes control of users’ wallets on both computers and mobile devices, allowing attackers to steal all the cryptocurrency in their victims’ accounts.
One of the organizations that raised the alert is the cybersecurity firm Prevailion, which identified the malware as the MasterMana Botnet. It is delivered through phishing emails.
The operators send emails to a large number of people to infect computers; when a victim opens the message, the malicious code creates security breaches and then accesses the cryptocurrency funds stored on the device.
“We assess that the Botnet was interacting with approximately 2,000 machines a week, or 72,000 machines over the course of 2019, based on the snapshot we observed”, said the Director of Prevailion, Danny Adamitis.
According to the cyber-intelligence company, the malware was modified to create a Trojan that operates through Microsoft programs. As a result, it may infect devices through Word, Excel, PowerPoint and even Publisher files.
Getting to know the Guilty One
An organization known as the Gorgon Group could be responsible for creating this malware. The group is made up of hackers from around the world who sell the digital assets they steal.
The MasterMana Botnet reportedly uses low-budget Russian malware. This malware costs about USD 100, and the operators also need a virtual public server, at a price of USD 60.
The cost could be even lower, because a similar version of the Trojan, better known as Revenge Rat, was freely available until mid-September.
Despite that suspiciously low cost, the malware has reached about 2,000 devices every week since December 2018.
“These actors saw an opportunity and appear to have carved out a nice niche for themselves. We suspect that this particular threat actor will likely continue his operations, as previous public reporting has not deterred them”, the researchers explained.
In addition, the researchers said they wanted to highlight the group’s new modus operandi “so that network defenders may more easily identify their operations”.
However, the identity of the people behind the spread of these attacks remains unknown, and the malware is undetectable by many of the most popular security products on the market.
This year, the rise in cryptocurrency prices has led to new threats being detected every week.
Last week, security experts warned about new spyware that used the encrypted service of the messaging platform Telegram. This malware seeks to replace users’ wallet addresses with the attackers’ own address.
Recently, ESET, the leading antivirus provider based in Slovakia, discovered a banking Trojan that is able to steal cryptocurrencies and is widespread in Latin America.
Investigators estimate that criminals have managed to steal some USD 4.3 billion. For this reason, new forms of investigation have been created to find those responsible and help the victims.
By María Rodríguez