Crypto Currency Users Hijacked

Uploaded on 2021-01-26 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

Cyber-criminals are using a new Remote Access Tool (RAT), written in the open source programming language  Golang, to steal from unsuspecting crypto currency users by getting them to download the trojanised apps. The Golang code appears to be written from scratch and is designed to target Windows, Linux, and MacOS and  gets people to join by promoting the apps in online forums and on social media, where it has already affected thousands of users.

While remaining undetected, it lures crypto currency users into downloading the Trojanised apps and the as yest unknown threat actor successful created a marketing campaign to promote the tools on crypto-currency and blockchain forums

Researchers at the threat detection firm Intezer say they first discovered this operation which was targeting crypto currency users in December 2020, and that the criminal operation itself began in January 2020 with a well-developed marketing campaign, fake social media accounts, websites, and a new RAT called ElectroRAT. According to Intezer, the campaign has already infected thousands of victims.

A total of three Trojanised applications were created for this campaign, each with versions for Windows, Linux and macOS: trade management applications “Jamm” and “eTrade,” and crypto poker app “DaoPoker.” All three applications were built using app building platform Electron, with the RAT embedded inside them. When an app is executed, an innocent interface is displayed to the user, while ElectroRAT runs in the background. 

The RAT was designed with the ability to log keystrokes, take screenshots, upload files from disk, download files, and execute commands. The Windows, Linux, and macOS variants share the same functionality.

Intezer’s security researchers discovered that ElectroRAT contacts raw PasteBin pages from which it retrieves the command and control (C&C) IP address. Given that the same user has published all PasteBin pages, the researchers gained visibility into the number of unique visitors, which is of approximately 6,500. The first PasteBin pages went up on January 8, 2020, suggesting the campaign started at that time.

It is rare to see a RAT written from scratch and used to steal personal information from crypto currency users but, with the price of bitcoin continuing to rise, attacks are likely to increase and the malware used to launch these attacks was probably purchased on the Dark Web

If a user suspects that they are victims of this scam, they must kill the process and delete all files related to the malware and they are strongly advised users to move their funds to a new crypto wallet after changing all the passwords.

Intezer:      ITPro:      Security Week:      SC Magazine:     Coindesk:      The Hindu:    image: Unsplash

You Might Also Read: 

Ransomware & Malware Make Way For New Attack Vectors:

 

« Biden Twitter Account Starts With Zero Followers
Financial Organisations Are Migrating To The Cloud »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Fredda Stanza

Fredda Stanza

Fredda Stanza specialize in Information Security and Forensics Consulting.

Infoblox

Infoblox

Infoblox solutions help businesses automate complex network control functions to reduce costs, increase security and maximize uptime.

Gigasoft

Gigasoft

Gigasoft provide secure online data backup & cloud backup services for the education sector and businesses.

ShmooCon

ShmooCon

ShmooCon is an annual east coast hacker convention offering three days of demonstrations and discussions of critical infosec issues.

Egerie

Egerie

EGERIE's RiskManager solution provides a Global, Centralized, and Updated view of risk maps and security measures for your company.

Ikerlan

Ikerlan

Ikerlan is an R&D technology centre specialising in areas including embedded systems, industrial automation and industrial cybersecurity.

Computing Technology Industry Association (CompTIA)

Computing Technology Industry Association (CompTIA)

CompTIA is dedicated to advancing industry growth through its educational programs, market research, networking events, professional certifications, and public policy advocacy.

APERIO

APERIO

APERIO, the global leader in industrial data integrity, helps its customers drive profitability and sustainability while mitigating risk in their industrial operations.

Perseus Cyber Security

Perseus Cyber Security

Perseus provides all-around digital protection for small and medium-sized businesses through state-of-the-art software solutions, flexible online training and emergency response.

Wynyard Group

Wynyard Group

Wynyard Group is a niche, technology-driven company specializing in Integrated Border Security solutions for enhanced public safety.

apiiro

apiiro

apiiro invented the industry-first Code Risk Platform™ that uses developers and code behavior analysis to accelerate delivery and automatically remediate product risk.

The PenTesting Company

The PenTesting Company

The PenTesting Company is owned and operated by offensive security professionals. Penetration Testing is essentially all we do.

Cyber Defense International (CDI)

Cyber Defense International (CDI)

At CDI, we utilize decades of experience in designing and building large-scale cybersecurity programs, creating tailored solutions and services that protect businesses from cyber threats.

CyberAI Group

CyberAI Group

CyberAI's mission is to pioneer the evolution of the cybersecurity landscape globally, by strategically acquiring and elevating IT consulting firms into leaders of cybersecurity innovation.

Bedrock Security

Bedrock Security

Bedrock Security is at the forefront of revolutionizing data security in the cloud and GenAI era.

DeepTempo

DeepTempo

At DeepTempo, we build AI models and related software that protect enterprises and service providers from sophisticated cyber threats.