[BEWARE] MasterMana Botnet Malware Attack on Crypto Wallets
by dkbit98 on 03/10/2019, 22:32:44 UTC
As the Prevailion team reported,
MasterMana Trojan malware uses mass phishing emails with malicious attachments sent to crypto investors.
When you click on the email, the code activates in the background and empties your wallets!






How do they scam people?

Quote from prevailion.com:

Step 1 - Phishing E-Mails
Step 2 - Infected Document Attachments
Step 3 - Bitly Link Redirection to “TeamMana” Blogspot
Step 4 - Creating Scheduled Tasks and Registry Keys
Step 5 - Downloading and Loading the Trojan
Step 6 - Analysis of the Process Hollower and Trojan

For example, they sent malicious documents using free web mail accounts.
They then could have used an open-source project to generate a DDE payload
or macro and had the macro reach out to a Bitly link.
This link then resolved to a free Blogspot site, hosted by Google,
which redirected to various Pastebin sites. Finally, they used an older trojan
that likely cost approximately $100. Thus, the only real cost associated
with this particular campaign appears to be that of leasing the VPSs.
source with more information:
https://blog.prevailion.com/2019/10/mastermana-botnet.html


Who is responsible?

It looks like the so-called Gorgon Group is responsible for this malware
https://attack.mitre.org/groups/G0078/

How to Protect yourself?

- Don't open emails and attachments from unknown people
- Always double check email sender and domain source
- [Learn about Phishing Protection] Play Phishing Quizzes - Beginners & Experts


+++




One more crypto malware, Casbaneiro or Metamorfo, that targets crypto
https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/

Blacklisted scammer Bitcoin address:
18sn7w8ktbBNgsX8LeeeLMqKS84xMG54si
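For defenders, the delivery chain in the Prevailion quote above (a Bitly link that resolves to a Blogspot site, which redirects to Pastebin) can be hunted for in web proxy logs. The following is an added example, not part of the original post or of Prevailion's report; the log format, the 60-second window and the sample lines are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Services in the order the quoted report lists them.
STAGES = ("bit.ly", "blogspot.com", "pastebin.com")

# Constructed sample proxy log (assumed format): "<ISO time> <client> <host>"
SAMPLE_LOG = """\
2019-10-03T09:00:01 10.0.0.5 bit.ly
2019-10-03T09:00:02 10.0.0.5 example-blog.blogspot.com
2019-10-03T09:00:04 10.0.0.5 pastebin.com
2019-10-03T09:10:00 10.0.0.7 pastebin.com
2019-10-03T09:11:00 10.0.0.7 bit.ly
2019-10-03T10:00:00 10.0.0.9 bit.ly
2019-10-03T10:00:05 10.0.0.9 news.example.org
2019-10-03T11:30:00 10.0.0.9 foo.blogspot.com
2019-10-03T11:30:02 10.0.0.9 pastebin.com
"""

def stage_of(host):
    """Return the chain stage index for a host, or None if unrelated."""
    host = host.lower().rstrip(".")
    for i, domain in enumerate(STAGES):
        # Exact or true-subdomain match, so "evilblogspot.com" is not a hit.
        if host == domain or host.endswith("." + domain):
            return i
    return None

def find_chains(log_text, window_seconds=60):
    """Flag clients that hit all stages in order within the time window.
    Assumes log lines are in chronological order."""
    window = timedelta(seconds=window_seconds)
    progress = {}  # client -> (next expected stage, time of first stage)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, host = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        stage = stage_of(host)
        if stage is None:
            continue
        if stage == 0:
            progress[client] = (1, ts)  # (re)start the chain at the shortener
            continue
        expected, start = progress.get(client, (0, None))
        if stage == expected and ts - start <= window:
            if stage == len(STAGES) - 1:
                hits.append((client, start.isoformat(), ts.isoformat()))
                del progress[client]
            else:
                progress[client] = (stage + 1, start)
    return hits
```

Each of these services is widely used for legitimate purposes, so a hit is a lead to correlate with mail-attachment and endpoint telemetry, not a verdict on its own.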