Researchers have recently found a new botnet that is targeting corporations and unsuspecting users around the world.
This botnet is called MasterMana, and it can launch several kinds of attack on a target. These include dropping a backdoor, phishing through business email, and checking for linked cryptocurrency wallets in order to steal funds. The campaign begins with malicious files being sent to the target, particularly Word, Excel, PowerPoint, and Publisher files. Once one of these malicious files is opened on the target system, a .NET file is downloaded, which loads a fileless backdoor, a new piece of malware capable of escaping detection.
Researchers are linking the fileless malware and the MasterMana botnet to Azorult or Revenge RAT. Azorult is capable of downloading files, executing ransomware attacks, taking and uploading screenshots, etc. Azorult was previously seen in a PayPal malware scam and in Magento website hacking cases. MasterMana uses third-party URLs such as blogspot, Pastebin, etc., which helps the botnet evade detection. The techniques and methods used by MasterMana have led the researchers to associate it with the “Gorgon Group”, a group of infamous attackers.
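The two observations above (Office documents as the carrier, blogspot and Pastebin as hosting) can be turned into a simple hunt. The following Python is an added example, not code from the researchers or NPAV; the pipe-separated log format, host names and process paths are constructed, and it assumes a proxy or EDR export that records which process made each web request.

```python
from urllib.parse import urlsplit

# Office applications the article names as carriers: Word, Excel, PowerPoint, Publisher.
OFFICE_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe", "mspub.exe"}
# Third-party hosting the article names; extend to match what your network sees.
WATCHED_DOMAINS = ("blogspot.com", "pastebin.com")

# Constructed sample: timestamp|workstation|process image|requested URL
SAMPLE_LOG = """\
2024-01-01T09:14:03Z|ws-114|C:\\Office\\WINWORD.EXE|https://sample-name.blogspot.com/p/1.html
2024-01-01T09:20:41Z|ws-207|C:\\Browser\\firefox.exe|https://pastebin.com/raw/XXXXXXXX
2024-01-01T09:31:12Z|ws-033|C:\\Office\\MSPUB.EXE|http://PASTEBIN.com/raw/XXXXXXXX
2024-01-01T09:40:00Z|ws-033|C:\\Office\\EXCEL.EXE|https://pastebin.com.example.net/x
2024-01-01T09:41:00Z|ws-050|C:\\Office\\POWERPNT.EXE|https://updates.example.com/feed
this line is malformed and must be skipped
"""

def is_watched(url):
    """True if the URL's host is a watched domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)

def image_name(path):
    """Lower-cased file name of a Windows or POSIX style process path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_office_fetches(log_text):
    """Return events where an Office process requested a watched domain."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split("|", 3)  # the URL itself may contain '|'
        if len(parts) != 4:
            continue  # malformed record
        ts, host, image, url = (p.strip() for p in parts)
        if image_name(image) in OFFICE_PROCESSES and is_watched(url):
            hits.append({"time": ts, "host": host,
                         "process": image_name(image), "url": url})
    return hits

if __name__ == "__main__":
    for hit in find_office_fetches(SAMPLE_LOG):
        print(hit["time"], hit["host"], hit["process"], hit["url"])
```

A browser visiting Pastebin is ordinary traffic; the signal here is the Office application itself making the request, so hits are leads for triage rather than verdicts.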
NPAV recommends never downloading any file from an untrusted source on the internet. A file with an ordinary extension might look safe to download, but it can make you a victim of various cyber attacks. Always download files and setups from trusted and secure sites.
Use NPAV for complete protection against all cyber attacks.