Crypto Currency Users Hijacked

Cyber-criminals are using a new Remote Access Tool (RAT), written in the open source programming language Golang, to steal from unsuspecting crypto currency users by getting them to download trojanised apps. The Golang code appears to be written from scratch and is designed to target Windows, Linux and macOS; the attackers draw victims in by promoting the apps in online forums and on social media, and the campaign has already affected thousands of users.

While remaining undetected, it lures crypto currency users into downloading the Trojanised apps, and the as yet unknown threat actor successfully created a marketing campaign to promote the tools on crypto-currency and blockchain forums.

Researchers at the threat detection firm Intezer say they first discovered this operation, which was targeting crypto currency users, in December 2020, and that the criminal operation itself began in January 2020 with a well-developed marketing campaign, fake social media accounts, websites, and a new RAT called ElectroRAT. According to Intezer, the campaign has already infected thousands of victims.

A total of three Trojanised applications were created for this campaign, each with versions for Windows, Linux and macOS: trade management applications “Jamm” and “eTrade,” and crypto poker app “DaoPoker.” All three applications were built using app building platform Electron, with the RAT embedded inside them. When an app is executed, an innocent interface is displayed to the user, while ElectroRAT runs in the background. 

The RAT was designed with the ability to log keystrokes, take screenshots, upload files from disk, download files, and execute commands. The Windows, Linux, and macOS variants share the same functionality.

Intezer’s security researchers discovered that ElectroRAT contacts raw PasteBin pages from which it retrieves the command and control (C&C) IP address. Because the same user published all of the PasteBin pages, the researchers gained visibility into the number of unique visitors, approximately 6,500. The first PasteBin pages went up on January 8, 2020, suggesting the campaign started at that time.
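The PasteBin dead-drop lookup described above is a pattern defenders can hunt for in proxy telemetry. The following Python is an added example, not code from Intezer's report or from the malware: it scans constructed proxy log lines for non-browser processes fetching very small raw pastes, and checks whether a retrieved paste body is nothing but an IP address. The log format, process names and addresses are assumptions made for the example.

```python
import ipaddress
import re

# Constructed proxy log lines (pid, process, method, url, status, response bytes).
# These are made-up samples, not telemetry from the Intezer report.
SAMPLE_PROXY_LOG = """\
4120 chrome.exe GET https://pastebin.com/raw/AbCdEf12 200 15
5533 jamm.exe GET https://pastebin.com/raw/Zz9Yy8Xx 200 19
5533 jamm.exe POST http://203.0.113.10:3442/ping 200 88
6001 etrade.exe GET https://pastebin.com/raw/Qq1Ww2Ee 200 14
7002 outlook.exe GET https://pastebin.com/u/someone 200 4211
"""

RAW_PASTE_URL = re.compile(r"^https?://pastebin\.com/raw/[A-Za-z0-9]+$")
IP_PORT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?$")
# Browsers open pastebin legitimately; a non-browser process is the interesting case.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "safari"}
MAX_DEAD_DROP_BYTES = 32  # a bare IP[:port] string fits well under this

def looks_like_c2_address(paste_body):
    """True if a paste body is nothing but an IPv4 address with an optional port."""
    m = IP_PORT.match(paste_body.strip())
    if not m:
        return False
    try:
        ipaddress.IPv4Address(m.group(1))  # rejects octets above 255
    except ValueError:
        return False
    return m.group(2) is None or 0 < int(m.group(2)) < 65536

def find_dead_drop_lookups(log_text):
    """Return (pid, process, url) for non-browser processes fetching tiny raw pastes."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines rather than abort the scan
        pid, proc, _method, url, _status, size = fields
        if proc.lower() in BROWSERS or not RAW_PASTE_URL.match(url):
            continue
        if int(size) <= MAX_DEAD_DROP_BYTES:
            hits.append((int(pid), proc, url))
    return hits

if __name__ == "__main__":
    for pid, proc, url in find_dead_drop_lookups(SAMPLE_PROXY_LOG):
        print(f"pid {pid} ({proc}) fetched a tiny raw paste: {url}")
```

A hit is a lead, not a verdict: confirm by pulling the paste body and running it through looks_like_c2_address, then pivot to what the same process connected to next.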

It is rare to see a RAT written from scratch and used to steal personal information from crypto currency users, but with the price of bitcoin continuing to rise, attacks are likely to increase. The malware used to launch these attacks was probably purchased on the Dark Web.

Users who suspect they are victims of this scam must kill the process and delete all files related to the malware, and they are strongly advised to move their funds to a new crypto wallet after changing all of their passwords.

Sources: Intezer, ITPro, Security Week, SC Magazine, Coindesk, The Hindu. Image: Unsplash.
