Tag Archive for: ElectroRAT

ElectroRAT Malware Could Be Draining Your Cryptocurrency Wallet Without You Knowing

KEY POINTS

  • ElectroRAT is malware written from scratch, mainly targeting cryptocurrency holders
  • Cybercriminals created several apps and launched marketing campaigns to lure victims
  • The malware runs on Windows, macOS and Linux

With cryptocurrency prices currently skyrocketing, investors should be wary of a new malware that could be draining their Bitcoin wallets without them knowing.

The malware, dubbed ElectroRAT because it is a remote access tool embedded in apps, has been used by cybercriminals over the past year but had previously gone undetected because of the sophistication of the operation around it. It was created from scratch rather than adapted from existing malware.

The malware runs not just on Windows but on macOS and Linux as well. The cybercriminals set up websites and even fake social media accounts to lure victims into installing the apps, which then execute the malware's commands.

Once the malware is on a person's computer, it can capture screenshots, log keystrokes and even upload folders.

The malware warning comes at a time when Bitcoin is witnessing a bull run, making such attacks more profitable. At the time of this writing, Bitcoin was worth $37,000 per BTC. 

“Hackers want to get your cryptocurrency, and they are willing to go far with it – spend months of work to create fake companies, fake reputation and innocent-looking applications that hide malware to steal your coins,” Avigayil Mechtinger, a researcher at cybersecurity firm Intezer, told Coindesk.

According to Jameson Lopp, chief technology officer at cryptocurrency firm Casa, most malware is written to target Windows users because of the platform's large user base, but other systems are targeted as well. “In the case of Bitcoin, malware authors may reason that a lot of early adopters are more technical people who run Linux,” Lopp told Coindesk.

In a blog post, Intezer advises users who believe they have fallen victim to the scam to kill the malicious process and delete all files related to the malware. They should then change their passwords and move their cryptocurrency funds to a new wallet. Intezer’s products – Endpoint Scanner and Intezer Protect – can scan Windows and Linux environments respectively.

Lopp said the first line of…

Source…

Cross-platform ElectroRAT malware drains cryptocurrency wallets


Security researchers have discovered a new remote access trojan (RAT) used to empty the cryptocurrency wallets of thousands of Windows, Linux, and macOS users.

Named ElectroRAT after being discovered in December, the cross-platform RAT is written in Golang and was used as part of a campaign that has been targeting cryptocurrency users since the start of 2020.

Thousands infected within a year

The attackers behind the ElectroRAT operation created and injected their RAT into custom Electron applications made to look and behave like cryptocurrency trade management tools (Jamm and eTrade) and as a cryptocurrency poker app (DaoPoker).

After being launched on a victim’s computer, these apps would show a foreground user interface designed to divert the victims’ attention from the malicious ElectroRAT background process.

[Image: Trojanized eTrader app (Intezer)]

To lure potential victims, the threat actors promoted the trojanized apps on social media (Twitter and Telegram) and on dedicated online forums (bitcointalk and SteemCoinPan), according to an Intezer report shared with BleepingComputer earlier this week.

The malicious apps were downloaded by thousands of victims between January and December 2020, with one of the pastebin pages used by the malware to retrieve command-and-control (C2) server addresses having been accessed almost 6,500 times throughout the year.

“The trojanized application and the ElectroRAT binaries are either low detected or completely undetected in VirusTotal at the time of this writing,” Intezer says.

After getting infected and having their wallets drained by the malware’s operators, some of the victims were also seen warning others of the dangerous apps.

Switch from off-the-shelf to custom malware

C2 pastebin pages published by the same user who uploaded the ElectroRAT C2 info show that the attackers have also made use of off-the-shelf Amadey and KPOT information stealer trojans.

Both stealers target only the Windows platform, and both are so well known that remaining undetected after infection would have been almost impossible.

The new Golang-based and undetected ElectroRAT malware was most likely a much more effective tool for a stealthy operation,…

Source…