
Hackers Are Using Three Fake Crypto-Related Apps to Drain Wallets

While bitcoin (BTC) prices are increasing, crypto-related scams appear on the scene to take advantage of the situation. In this case, a security firm spotted three malicious crypto apps targeting users to steal their funds.

Three Bogus Crypto Trading and Poker Apps Are Infected With Dangerous Malware

According to Intezer Labs, a year-long malware operation has been underway since January 2020, spreading faster with the help of a sophisticated marketing campaign.

Per the research, the threat actors rely on three cryptocurrency-related apps to spread a Remote Access Tool (RAT) malware named ElectroRAT: Jamm and eTrade/Kintum (both fake crypto trading platforms), and DaoPoker (fake crypto poker app).

Intezer Labs also found that these cybercriminals are developing versions of their software for Windows, Mac and Linux to increase confidence in their products, and to target a wider range of victims across the globe.

The investigators say there are “thousands of victims” affected by ElectroRAT’s campaign, which includes domain registrations, websites, trojanized applications, and fake social media accounts.

Some of these bogus apps were spotted in crypto-themed forums such as bitcointalk and Steemcoinpan, where fake profiles are used to promote them and ask people to download an application that is already infected with the malware.


An ‘Uncommon’ Malware on the Radar

Once a victim is infected, the program drains their crypto wallets. Intezer Labs provides more details about the malicious apps that contain ElectroRAT:

“ElectroRAT is extremely intrusive. It has various capabilities such as keylogging, taking screenshots, uploading files from disk, downloading files and executing commands on the victim’s console. The malware has similar capabilities for its Windows, Linux and macOS variants.”

The research firm highlights that it’s “very uncommon” to see this kind of malware steal sensitive information from cryptocurrency users. Intezer Labs adds:

“It is even more rare to see such a wide-ranging and targeted campaign that includes various components such as fake apps and websites, and marketing/promotional efforts via relevant forums and social media.”


The post Hackers Are Using Three Fake Crypto-Related Apps to Drain Wallets appeared first on Bitcoin News.
