MasterMana botnet is part of an ongoing malware campaign.

by Cyber360 News
November 11, 2019
in Malware
The IT security researchers at Prevailion have discovered an active botnet that has been targeting corporations and unsuspecting users across the globe.

Dubbed MasterMana by researchers, the botnet uses every available option to target its victims, including dropping backdoors and phishing through business email compromise, commonly known as BEC. If that's not enough, the botnet also looks for cryptocurrency wallets on the targeted device and steals their login credentials to withdraw funds.

According to researchers, in the first stage of the campaign attackers send victims emails with malicious attachments, particularly Word, Excel, PowerPoint, and Publisher files. When the attachment is opened, a .NET DLL file is downloaded to the system and loads a fileless backdoor, a new form of malware that manages to hide within a computer system and successfully escapes detection.

Researchers believe that the fileless malware in the MasterMana botnet attack is a variant of either Azorult or Revenge RAT (remote access trojan). It is worth noting that Azorult has previously been used in several sophisticated cyberattacks, including a PayPal malware scam and an attack in which more than 1000 Magento websites were hacked and used for cryptojacking and credential stealing.

Additionally, Azorult is capable of taking screenshots on the targeted device, uploading and downloading files, and executing ransomware attacks.

As for the MasterMana botnet, these attacks use third-party URLs rather than compromised domains, as seen in previous attacks by other groups. The use of third-party services like Bit.ly, Blogspot, and Pastebin helps evade detection.
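For defenders, the delivery pattern described above (an Office lure that then pulls content through Bit.ly, Blogspot, and Pastebin) can be hunted for in proxy or EDR network logs. The following is an added example, not code from Prevailion or the original article; the log schema, the five-minute window, the two-service threshold, and all sample rows are constructed assumptions.

```python
import csv
from datetime import datetime, timedelta
from io import StringIO

# Windows image names of the Office lure formats named in the article.
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "mspub.exe"}
# Third-party services the article says the chain relies on.
SERVICES = {"bit.ly": "bitly", "blogspot.com": "blogspot", "pastebin.com": "pastebin"}

# Constructed sample rows; hypothetical schema: time,host,process,domain
SAMPLE_LOG = """\
2019-11-11T09:00:01,ws-01,winword.exe,bit.ly
2019-11-11T09:00:03,ws-01,winword.exe,example.blogspot.com
2019-11-11T09:00:09,ws-01,unknown.exe,pastebin.com
2019-11-11T09:05:00,ws-02,chrome.exe,pastebin.com
2019-11-11T09:06:00,ws-02,chrome.exe,bit.ly
2019-11-11T10:00:00,ws-03,excel.exe,bit.ly
2019-11-11T11:30:00,ws-03,excel.exe,pastebin.com
"""

def service_of(domain):
    """Map a domain (or any subdomain of it) to a service label, else None."""
    d = domain.lower().rstrip(".")
    for base, label in SERVICES.items():
        if d == base or d.endswith("." + base):
            return label
    return None

def find_chains(log_text, window=timedelta(minutes=5), min_services=2):
    """Return {host: services} where an Office process reached a listed service
    and the host reached >= min_services distinct listed services in the window."""
    rows = []
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        ts, host, proc, domain = row
        svc = service_of(domain)
        if svc:
            rows.append((datetime.fromisoformat(ts), host, proc.lower(), svc))
    rows.sort()
    alerts = {}
    for i, (t0, host, proc, _) in enumerate(rows):
        if proc not in OFFICE:
            continue  # only an Office process opens a correlation window
        seen = {s for t, h, _, s in rows[i:] if h == host and t - t0 <= window}
        if len(seen) >= min_services:
            alerts[host] = sorted(set(alerts.get(host, [])) | seen)
    return alerts
```

Browser traffic to the same services (ws-02) is ignored because no Office process opens the window, and follow-on requests from a child process still count toward the host's chain.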

MasterMana botnet malware attack

Screenshot: Prevailion

“Opening the infected document initiated the attack’s multi-pronged, labyrinth-like kill-chain. The layered kill-chain approach aids in evading detection by relying upon trust placed in a number of third-party websites and services.”

[…]

“The threat actors also took the additional steps of modifying older Pastebin posts to cease execution, as well as adding features to avoid some automated detection, such as sandboxing,” wrote Danny Adamitis and Matt Thompson of Prevailion in their blog post.

Based on the techniques and tactics used by MasterMana botnet, researchers have associated its activities with the “Gorgon Group,” an infamous group of sophisticated hackers discovered by Palo Alto Networks’ Unit42 in August 2018. The group was found targeting worldwide government organizations.

At the time of publishing this article, Prevailion had identified more than 2000 clicks on one of the malicious links on Bit.ly from locations including the United States, India, Germany, Brazil, etc.

MasterMana botnet malware attack

Screenshot: Prevailion

This campaign is ongoing. If you want to know more about the MasterMana botnet, there is much more in Prevailion's blog post, including in-depth technical details.

If you are on the Internet, you are at risk of cyber attacks. To protect yourself from this threat, always be vigilant and refrain from downloading attachments from unknown senders. If you come across a suspicious file or link, use VirusTotal to scan it before opening it.
