Three cryptocurrency applications hid a nasty surprise for those who downloaded them.
Security analysts have uncovered a year-long malware campaign that targeted cryptocurrency users with a set of fake applications.
Security company Intezer Labs warned that rising cryptocurrency prices have drawn increased attention from hackers and other malicious actors seeking financial gain. The malware had been distributed throughout the past year but was only discovered in December 2020.
The new remote access Trojan (RAT), called ElectroRAT, was used to drain the cryptocurrency wallets of thousands of Windows, macOS, and Linux users, the report added.
Three trojanized cryptocurrency-related applications, Jamm, eTrade/Kintum, and DaoPoker, were each hosted on their own websites. The first two pose as crypto trading applications, while the third is a gambling app.
The ElectroRAT malware concealed within these applications is highly intrusive, according to the researchers:
“It has various capabilities such as keylogging, taking screenshots, uploading files from disk, downloading files, and executing commands on the victim’s console.”
Once installed on the victim's computer, the applications display a working front-end user interface intended to draw attention away from the malicious operations running in the background. The apps were promoted through Twitter and Telegram channels as well as cryptocurrency forums such as Bitcointalk.
Intezer Labs reported that the campaign had already infected "thousands of victims" who had their crypto wallets drained. It added that there was evidence that some victims infected by the apps were using common crypto wallets such as MetaMask.
“It is even rarer to see such a wide-ranging and targeted campaign that includes various components such as fake apps and websites, and marketing/promotional efforts via relevant forums and social media.”
There were a number of occasions in 2020 where bogus versions of legitimate applications and browser extensions, such as MetaMask or Ledger, found their way onto victims' devices. Some of this activity may be linked to a major customer data leak at Ledger in mid-December.
In September 2020, Coinbase users were among the victims of new Android-based malware spread via the Google Play Store.