Bitcoin has continued its unprecedented bull run going into the new year. Signs of bullish momentum were seen in October 2020 when the price broke past a two-year resistance. As of January 8, 2021, the price of one BTC is around $40,000.
However, as the crypto market has been undergoing an unprecedented rally throughout 2020 and continuing in 2021, a group of hackers has been secretly stealing crypto from users. The group created a new type of malware called ElectroRAT, which has gone undetected for the past 12 months.
About The ElectroRAT Malware
ElectroRAT was uncovered in December 2020 by researchers at Intezer Labs. According to a report they published, the malware began spreading around January 2020. The hackers used three crypto-related apps to steal crypto from unsuspecting users.
They named the three fake apps eTrade/Kintum, Jamm, and DaoPoker. The first two apps were promoted as simple platforms where users could trade crypto. They promoted the third app as a crypto-related poker app.
All three apps came in versions compatible with Mac, Windows, and Linux devices. The hackers built the apps from the ground app using the Electron app-building framework. All the apps were written using the Go programming language. The hackers installed stealthy malware in the app, which allowed them to steal crypto from the users.
How The Malware Worked
The apps came with Trojan malware that was written from the ground app. Once a user installed the app, the ElectroRAT Malware would allow the hackers to receive screenshots, keystrokes, install files, make uploads and downloads, and execute commands. By building the apps from scratch, the hackers were able to avoid all major antivirus software.
In their report, the researchers noted that it was rare to find RAT written from scratch and used to target crypto holders. They added that it was rarer to see such a far-reaching and targeted campaign that included various aspects such as sites, fake apps, and promotional efforts on social media and other forums.
The hackers promoted their apps via campaigns on crypto-related forums such as SteemCoinPan and Bitcointalk. They used fake social media accounts in their promotions, which would direct users to one of three websites related to each of the apps.
How To Tell If You Are Infected
The report estimates that around 65,000 users were infected by the malware. To tell if you have been infected, you should check your system for any of the apps. In the report published by Intezer, they have provided links that users of Linux and Windows can use to detect if the malware is running on their systems.
Anyone who finds the malware on their system should immediately move their funds to a new wallet and change their login details such as passwords and emails. They should also immediately disinfect their system. In the report, it was not stated whether the hackers had managed to steal any funds for users.
Notice: Information contained herein is not and should not be construed as an offer, solicitation, or recommendation to buy or sell securities. The information has been obtained from sources we believe to be reliable; however no guarantee is made or implied with respect to its accuracy, timeliness, or completeness. Authors may own the crypto currency they discuss. The information and content are subject to change without notice. Visionary Financial and its affiliates do not provide investment, tax, legal or accounting advice.