Crypto Currency Users Hijacked

Cyber-criminals are using a new Remote Access Tool (RAT), written in the open source programming language Golang, to steal from unsuspecting crypto currency users by getting them to download trojanised apps. The Golang code appears to have been written from scratch and is designed to target Windows, Linux and macOS; the operators draw victims in by promoting the apps in online forums and on social media, and the campaign has already affected thousands of users.

While remaining undetected, the malware lures crypto currency users into downloading the trojanised apps, and the as yet unknown threat actor successfully created a marketing campaign to promote the tools on crypto-currency and blockchain forums.

Researchers at the threat detection firm Intezer say they first discovered this operation which was targeting crypto currency users in December 2020, and that the criminal operation itself began in January 2020 with a well-developed marketing campaign, fake social media accounts, websites, and a new RAT called ElectroRAT. According to Intezer, the campaign has already infected thousands of victims.

A total of three trojanised applications were created for this campaign, each with versions for Windows, Linux and macOS: the trade management applications “Jamm” and “eTrade,” and the crypto poker app “DaoPoker.” All three applications were built on the app-building platform Electron, with the RAT embedded inside them. When an app is executed, an innocent interface is displayed to the user, while ElectroRAT runs in the background.

The RAT was designed with the ability to log keystrokes, take screenshots, upload files from disk, download files, and execute commands. The Windows, Linux, and macOS variants share the same functionality.

Intezer’s security researchers discovered that ElectroRAT contacts raw PasteBin pages from which it retrieves the command and control (C&C) IP address. Because the same user published all of the PasteBin pages, the researchers gained visibility into the number of unique visitors, approximately 6,500. The first PasteBin pages went up on January 8, 2020, suggesting the campaign started at that time.
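One defensive angle on the PasteBin-based C&C lookup described above is to flag raw-paste fetches made by processes that are not interactive browsers. The following is an added example written for this page, not Intezer's or the article's code; the log format, host names, process names and paste IDs are all constructed.

```python
import re
from collections import Counter

# Constructed sample proxy/EDR log lines (not from the article):
# timestamp, host, requesting process, URL.
SAMPLE_LOG = """\
2020-12-14T09:01:12Z ws-07 chrome.exe https://pastebin.com/raw/EXAMPLE01
2020-12-14T09:03:45Z ws-07 eTrade.exe https://pastebin.com/raw/EXAMPLE01
2020-12-14T09:04:02Z ws-12 Jamm https://pastebin.com/raw/EXAMPLE02
2020-12-14T09:05:30Z ws-12 Jamm https://pastebin.com/raw/EXAMPLE02
2020-12-14T09:07:11Z ws-03 DaoPoker.app https://pastebin.com/raw/EXAMPLE03
2020-12-14T09:08:00Z ws-03 firefox https://example.org/news
"""

# Raw paste URLs, capturing the paste identifier.
RAW_PASTE = re.compile(r"^https?://pastebin\.com/raw/([A-Za-z0-9]+)", re.I)
# Interactive browsers fetch pastes legitimately; any other process doing so
# is worth a look, since a trojanised app resolving its C&C looks exactly like this.
BROWSERS = {"chrome.exe", "chrome", "firefox", "firefox.exe", "msedge.exe", "safari"}
LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse(log_text):
    """Yield one event dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            yield {"ts": m[1], "host": m[2], "proc": m[3], "url": m[4]}


def find_dead_drop_lookups(log_text):
    """Return events where a non-browser process fetched a raw PasteBin page."""
    hits = []
    for ev in parse(log_text):
        m = RAW_PASTE.match(ev["url"])
        if m and ev["proc"].lower() not in BROWSERS:
            hits.append({**ev, "paste_id": m[1]})
    return hits


def summarise(hits):
    """Count (host, process, paste_id) triples so repeat beaconing stands out."""
    return Counter((h["host"], h["proc"], h["paste_id"]) for h in hits)


if __name__ == "__main__":
    for key, n in summarise(find_dead_drop_lookups(SAMPLE_LOG)).items():
        print(f"{key[0]:6} {key[1]:14} paste={key[2]:10} fetches={n}")
```

Repeated fetches of the same paste by the same process are the signal to chase: a genuine user reads a paste once, while malware re-resolves its C&C address on every start.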

It is rare to see a RAT written from scratch and used to steal personal information from crypto currency users, but, with the price of bitcoin continuing to rise, attacks are likely to increase, and the malware used to launch these attacks was probably purchased on the Dark Web.

If users suspect that they are victims of this scam, they must kill the process and delete all files related to the malware, and they are strongly advised to move their funds to a new crypto wallet after changing all their passwords.

Sources: Intezer, ITPro, Security Week, SC Magazine, Coindesk, The Hindu
