Crypto Currency Users Hijacked

Uploaded on 2021-01-26 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

Cyber-criminals are using a new Remote Access Tool (RAT), written in the open source programming language  Golang, to steal from unsuspecting crypto currency users by getting them to download the trojanised apps. The Golang code appears to be written from scratch and is designed to target Windows, Linux, and MacOS and  gets people to join by promoting the apps in online forums and on social media, where it has already affected thousands of users.

While remaining undetected, it lures crypto currency users into downloading the Trojanised apps and the as yest unknown threat actor successful created a marketing campaign to promote the tools on crypto-currency and blockchain forums

Researchers at the threat detection firm Intezer say they first discovered this operation which was targeting crypto currency users in December 2020, and that the criminal operation itself began in January 2020 with a well-developed marketing campaign, fake social media accounts, websites, and a new RAT called ElectroRAT. According to Intezer, the campaign has already infected thousands of victims.

A total of three Trojanised applications were created for this campaign, each with versions for Windows, Linux and macOS: trade management applications “Jamm” and “eTrade,” and crypto poker app “DaoPoker.” All three applications were built using app building platform Electron, with the RAT embedded inside them. When an app is executed, an innocent interface is displayed to the user, while ElectroRAT runs in the background. 

The RAT was designed with the ability to log keystrokes, take screenshots, upload files from disk, download files, and execute commands. The Windows, Linux, and macOS variants share the same functionality.

Intezer’s security researchers discovered that ElectroRAT contacts raw PasteBin pages from which it retrieves the command and control (C&C) IP address. Given that the same user has published all PasteBin pages, the researchers gained visibility into the number of unique visitors, which is of approximately 6,500. The first PasteBin pages went up on January 8, 2020, suggesting the campaign started at that time.

It is rare to see a RAT written from scratch and used to steal personal information from crypto currency users but, with the price of bitcoin continuing to rise, attacks are likely to increase and the malware used to launch these attacks was probably purchased on the Dark Web

If a user suspects that they are victims of this scam, they must kill the process and delete all files related to the malware and they are strongly advised users to move their funds to a new crypto wallet after changing all the passwords.

Intezer:      ITPro:      Security Week:      SC Magazine:     Coindesk:      The Hindu:    image: Unsplash

You Might Also Read: 

Ransomware & Malware Make Way For New Attack Vectors:

 

« Biden Twitter Account Starts With Zero Followers
Financial Organisations Are Migrating To The Cloud »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

NCX Group

NCX Group

NCX Group is committed to helping customers identify and mitigate the risks inherent in today’s interconnected environments and business processes.

Infowhiz solutions

Infowhiz solutions

Infowhiz provides solutions for backup/disaster recovery and network security.

AKS IT Services

AKS IT Services

AKS IT Services (an ISO 9001:2015 and ISO 27001:2013 certified company) is a leading IT Security Services and Solutions provider.

Leadcomm

Leadcomm

Leadcomm is a Brazilian company focused on the distribution and integration of IT systems and security solutions for large companies.

Kratikal

Kratikal

Kratikal provides a complete suite of manual and automated security testing services.

Intraprise Health

Intraprise Health

Intraprise Health is a Certified HITRUST Assessor and award-winning provider of health information security products and services.

ProcessUnity

ProcessUnity

ProcessUnity is a leading provider of Third-Party Risk Management software, helping companies remediate risks posed by third-party service providers.

SAM Seamless Network

SAM Seamless Network

SAM Seamless Network is a cybersecurity technology platform that protects the connected home, by tackling cyber security threats at the source.

Anterix

Anterix

Anterix is focused on empowering the modernization of critical infrastructure and enterprise businesses by enabling private broadband connectivity.

ITSEC Asia

ITSEC Asia

ITSEC Asia works to effectively reduce exposure to information security threats and improve the effectiveness of its clients' information security management systems.

Ostra Cybersecurity

Ostra Cybersecurity

As a next-generation MSSP, Ostra Cybersecurity combines best-in-class tools, proprietary technology and exceptional talent to deliver Fortune 100-level protection for businesses of all sizes.

Tychon

Tychon

Tychon develops advanced enterprise endpoint management technology that enables commercial and government organizations to bridge the gap between security and IT operations.

AuthX

AuthX

AuthX provides secure and seamless log-in capabilities through strong authentication and integrations.

Internet Watch Foundation (IWF)

Internet Watch Foundation (IWF)

Since the early days of the internet, our job has been to help child victims of sexual abuse by hunting down and removing any online record of the abuse.

Sphinx

Sphinx

Sphinx provide advanced security consulting services and cyber solutions to federal and private industry.

Infrassist Technologies

Infrassist Technologies

We're Infrassist - a trusted white label Managed IT & Professional Services partner for MSP businesses.