Bitcoin and other cryptocurrencies are becoming more popular and more valuable, so hackers and scammers won’t pass up the chance to go after them. Their latest campaign, complete with its own marketing effort, steals users’ cryptos through fake apps.
According to a report shared by the cybersecurity firm Intezer, a group of hackers built a new Remote Access Trojan (RAT) from scratch and embedded it in trading and poker applications for Windows, Linux, and macOS.
Once the user installs one of these apps, the infection begins: the hackers can record every keystroke (keylogger), take screenshots, upload files from the disk, execute commands and, ultimately, empty any cryptocurrency wallets they find on the device. All this with few or no symptoms until it’s too late, because a functional version of the advertised app is installed alongside the malware.
Intezer dubbed the malware “ElectroRAT” because the apps it hides in were built on the Electron application framework. So far it has been found in the apps Jamm, DaoPoker, and eTrade, but there may be more on the list.
In addition to the malware itself, the hackers went to the trouble of promoting the fake apps through a marketing campaign on social media (Twitter and Telegram) and on cryptocurrency forums such as Bitcointalk and SteemCoinPan. They even paid social media influencers to promote the malicious apps.
Using this methodology, including “domain registrations, websites, trojanized applications, fake social media accounts, and a new undetected RAT”, the hackers have victimized thousands of users over the course of a whole year, during which they went undetected.
How to avoid the apps that steal cryptos?
As Intezer indicated, this is an unusual, sophisticated, and dangerous threat aimed squarely at all cryptocurrency users. That said, in this case the attackers’ favorite assets seem to be Ethereum (ETH) and ERC-20 tokens, Monero (XMR), Litecoin (LTC), and Bitcoin (BTC).
If you think you might be infected, kill all processes belonging to the malicious apps, delete the programs and the files that contain them, change all your passwords from another device and, if your cryptos are still in local wallets on that machine, move them immediately to safer software. Better still, restore them in another wallet on another device using your private key.
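The first step above, finding the processes that belong to the trojanized apps, can be scripted. The following is an added example written for this post, not code from Intezer or from the apps’ authors: it matches running process names and command lines against the three app names the report gives (Jamm, DaoPoker, eTrade), since the post provides no other indicator for the RAT itself, and the sample process list is constructed. On Linux it reads /proc directly with the standard library only; on other systems, feed it your own process snapshot.

```python
"""Triage helper: list running processes that look like the trojanized
Electron apps named in the Intezer report (Jamm, DaoPoker, eTrade).
Matching by app name is only a starting point: the RAT's own process
name is not given in the post, so a clean result does not prove a clean
machine."""
import os
import re
from dataclasses import dataclass

# App names taken from the post. Matching is case-insensitive on both the
# process name and the full command line, because Electron apps run as the
# main binary plus several helper processes launched from the same path.
TROJANIZED_APP_NAMES = ("jamm", "daopoker", "etrade")
APP_RE = re.compile("|".join(map(re.escape, TROJANIZED_APP_NAMES)), re.I)


@dataclass
class Proc:
    pid: int
    name: str
    cmdline: str


def find_suspect_processes(procs, pattern=APP_RE):
    """Return the processes whose name or command line matches a known
    trojanized app name, sorted by pid (pure function, easy to test)."""
    hits = (p for p in procs if pattern.search(p.name) or pattern.search(p.cmdline))
    return sorted(hits, key=lambda p: p.pid)


def snapshot_linux_procs(proc_root="/proc"):
    """Build Proc records from /proc (Linux only, no third-party modules).
    Returns an empty list when proc_root does not exist."""
    procs = []
    if not os.path.isdir(proc_root):
        return procs
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(f"{proc_root}/{entry}/comm") as f:
                name = f.read().strip()
            with open(f"{proc_root}/{entry}/cmdline", "rb") as f:
                cmdline = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:
            continue  # process exited or is not readable by this user
        procs.append(Proc(int(entry), name, cmdline))
    return procs


# Constructed sample snapshot for demonstration (paths are made up).
SAMPLE_PROCS = [
    Proc(1, "systemd", "/sbin/init"),
    Proc(4242, "jamm", "/opt/Jamm/jamm --type=renderer"),
    Proc(4311, "electron", "/home/user/DaoPoker/daopoker"),
    Proc(5000, "firefox", "/usr/lib/firefox/firefox"),
]

if __name__ == "__main__":
    live = snapshot_linux_procs()
    for p in find_suspect_processes(live if live else SAMPLE_PROCS):
        print(f"suspect pid={p.pid} name={p.name} cmd={p.cmdline}")
```

Review each hit before killing it: a legitimate program whose path happens to contain one of these names would match too, and a trojanized copy should be removed only after the wallet funds have been moved from another device.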
And don’t forget the evil triad we warned you about before: don’t open dubious emails, let alone their attachments or links; don’t download from non-official websites; and always keep your operating system, software, and other devices updated. Don’t make it easy for them to steal your cryptos.
Featured Image by Tumisu / Pixabay
Originally published at https://blog.alfa.cash on January 19, 2021.