Crypto Currency Users Hijacked

Cyber-criminals are using a new Remote Access Tool (RAT), written in the open source programming language  Golang, to steal from unsuspecting crypto currency users by getting them to download the trojanised apps. The Golang code appears to be written from scratch and is designed to target Windows, Linux, and MacOS and  gets people to join by promoting the apps in online forums and on social media, where it has already affected thousands of users.

While remaining undetected, it lures crypto currency users into downloading the Trojanised apps and the as yest unknown threat actor successful created a marketing campaign to promote the tools on crypto-currency and blockchain forums

Researchers at the threat detection firm Intezer say they first discovered this operation which was targeting crypto currency users in December 2020, and that the criminal operation itself began in January 2020 with a well-developed marketing campaign, fake social media accounts, websites, and a new RAT called ElectroRAT. According to Intezer, the campaign has already infected thousands of victims.

A total of three Trojanised applications were created for this campaign, each with versions for Windows, Linux and macOS: trade management applications “Jamm” and “eTrade,” and crypto poker app “DaoPoker.” All three applications were built using app building platform Electron, with the RAT embedded inside them. When an app is executed, an innocent interface is displayed to the user, while ElectroRAT runs in the background. 

The RAT was designed with the ability to log keystrokes, take screenshots, upload files from disk, download files, and execute commands. The Windows, Linux, and macOS variants share the same functionality.

Intezer’s security researchers discovered that ElectroRAT contacts raw PasteBin pages from which it retrieves the command and control (C&C) IP address. Given that the same user has published all PasteBin pages, the researchers gained visibility into the number of unique visitors, which is of approximately 6,500. The first PasteBin pages went up on January 8, 2020, suggesting the campaign started at that time.

It is rare to see a RAT written from scratch and used to steal personal information from crypto currency users but, with the price of bitcoin continuing to rise, attacks are likely to increase and the malware used to launch these attacks was probably purchased on the Dark Web

If a user suspects that they are victims of this scam, they must kill the process and delete all files related to the malware and they are strongly advised users to move their funds to a new crypto wallet after changing all the passwords.

Intezer:        ITPro:         Security Week:          SC Magazine:      Coindesk:        The Hindu:          image: Unsplash

You Might Also Read: 

Ransomware & Malware Make Way For New Attack Vectors:

 

« Biden Twitter Account Starts With Zero Followers
Financial Organisations Are Migrating To The Cloud »

Perimeter 81

Directory of Suppliers

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

SingCERT

SingCERT

National Computer Emergency Response Team of Singapore.

Cyber adAPT

Cyber adAPT

Cyber adapt provide an integrated platform that secures the operation of Smartphones and BYOD.

Guardian Data Destruction

Guardian Data Destruction

Guardian Data Destruction provides a comprehensive suite of onsite e-data destruction services.

X-Ways Software Technology

X-Ways Software Technology

X-Ways provide software for computer forensics, electronic discovery, data recovery, low-level data processing, and IT security.

Blockchain Solutions

Blockchain Solutions

Blockchain Solutions Limited is a technological One Stop Solution provider, for Blockchain technology.

Blockchain Research Institute (BRI)

Blockchain Research Institute (BRI)

Blockchain Research Institute (BRI) is an independent, global think-tank. We bring together the world’s top global researchers to undertake ground-breaking research on blockchain technology.

IT Search

IT Search

IT Search is a specialist IT recruitment company focusing on Cyber Security, IT Infrastructure, Software, Data, Digital Transformation and C Suite leadership positions.

Riskaware

Riskaware

CyberAware, by Riskaware, provides business-critical cyber attack analysis and impact assessments using NIST standards aligned with NCSC guidance.