Three fake applications have been emptying cryptocurrency wallets undercover

   2021-01-07 10:01

As the cryptocurrency industry advances, the threats to it are also on the rise. From bad actors trying to hack into your crypto accounts to malicious applications, there are several ways one can lose their crypto assets. Lately, cybersecurity researchers have discovered a year-long malware operation that targets cryptocurrency owners using a number of fake applications.

A recent report from security firm Intezer Labs warns that the crypto bull market has also resulted in increased activity among hackers and bad actors looking to nab crypto assets from unsuspecting victims. The malware has been active for almost a year but was discovered only recently, in December 2020.



The malware is a new remote access trojan (RAT), dubbed ElectroRAT, that has emptied the crypto wallets of thousands of Windows, macOS, and Linux users.

The malware was spread mainly via three apps dubbed Jamm, eTrade/Kintum, and DaoPoker, each hosted on its own website. The first two are poor-quality crypto trading applications, while the third is a gambling-based application.

According to the report, the ElectroRAT malware embedded within these apps is extremely intrusive.

“It has various capabilities such as keylogging, taking screenshots, uploading files from disk, downloading files, and executing commands on the victim’s console,” a part of the report reads.

After a victim installs one of these infected applications, the app shows a normal foreground interface while the malware infects the system in the background. The apps were promoted on the social media platforms Twitter and Telegram, as well as on cryptocurrency forums such as Bitcointalk.

Many lost it all

The cybersecurity firm estimates that the malware has already affected “thousands of victims” who have lost all their crypto assets. There was also evidence that some victims who were compromised by the apps were using popular crypto wallets such as MetaMask.

The malware is written in Golang, a multi-platform programming language, which makes it hard to detect. The cybersecurity firm adds that it is quite uncommon to see a RAT written from scratch and designed as a tool to steal personal information from crypto owners.

“It is even rarer to see such a wide-ranging and targeted campaign that includes various components such as fake apps and websites, and marketing/promotional efforts via relevant forums and social media,” the report continued.

However, attacks of this kind are not uncommon within the cryptocurrency industry. Last month, blockchain forensics firm CipherTrace warned cryptocurrency users about phishing malware that pretends to be a MetaMask extension.

