Hackers Target Cryptocurrency With ElectroRAT Malware
ElectroRAT is a new type of malware that has the ability to capture and steal private keys from crypto wallets. This sophisticated threat evades most antivirus engines and is distributed through dedicated online forums. Intezer Labs uncovered a covert year-long campaign that involved the distribution of custom cryptocurrency-related applications. These apps were laced with ElectroRAT, and researchers believe the malware was used to steal victims’ crypto-wallet keys.
The “ElectroRAT” malware is written in Go and targets multiple operating systems. It was originally discovered in December. Researchers think it was distributed through a variety of social media platforms, including Telegram and Twitter, and also found that it was promoted on a variety of legitimate blockchain forums.
The attackers developed three malicious apps. Two of them claimed to be crypto trading platforms, and the third posed as a poker app. All three were built on the Electron application framework.
The apps were distributed through various social media platforms, including Telegram and Twitter. Intezer researchers believe the attacker paid a social media influencer to promote the trojanized applications. Prospective victims were directed to professional-looking websites hosted by the attackers, where they were encouraged to download and install the trojanized apps.
Intezer Labs’ initial analysis showed that there were more than 6,000 victims of ElectroRAT. It was estimated that the campaign might have started as early as January 2020. However, it seems the attackers have since pivoted to a different RAT. Interestingly, this new tool is compiled to target Linux and macOS.
While ElectroRAT appears to have been part of a scam that targeted crypto users, security researchers believe the campaign is actually a victim of its own success. Researchers point out that the value of cryptocurrencies is rising, and that a hacker would need to fight the encryption on the blockchain to capture private keys successfully. With the increased interest in cryptocurrencies, there could be many more victims.
A third app, disguised as a cryptocurrency poker platform, was also detected. The attackers also created fake social media accounts; one Twitter account had 417 followers. They promoted the applications on cryptocurrency-related forums and in the popular Telegram application.
Security experts are currently investigating the campaign. Whether carried out by a group or an individual, the attacks evaded most antivirus detections. There are several ways to access wallet data, so it is important to check all of your files for any traces of the malware.
If you are worried about your cryptocurrency wallet, change your passwords. Additionally, you should make sure your antivirus software is updated regularly. You should also scan all downloaded files for any signs of the malware.
Although the attack eluded detection for a year, cybersecurity experts believe that the operation might still be active. Since it has been running for almost a year, it is highly likely that the hackers have pivoted to a different RAT.