A new, extremely intrusive Remote Access Tool (RAT), ElectroRAT, has been targeting cryptocurrency wallets. The rise in the value of cryptocurrency is attracting cyber attackers, who use phishing attacks to drain victims' private digital currency wallets completely. So far, around 6500 victims have been affected by the ElectroRAT malware. Although the campaign was discovered in December 2020 by researchers at Intezer, security experts believe that it started in January 2020.
ElectroRAT is written in Golang (an open-source programming language) and compiled to target the major operating systems: Windows, Linux, and macOS. Phishing campaigns run by different cybercriminals are common, but tools written from scratch to target vast numbers of users across different operating systems are rare.
The attackers lure cryptocurrency users into downloading trojanized applications that are promoted on social media and online forums. So far, security researchers have detected three versions of the trojanized applications, prepared for Windows, Linux, and macOS. The whole operation is planned with extensive expertise, which makes it a matter of serious concern for cryptocurrency users.
The hackers used compromised applications: Jamm and eTrade, both crypto trade management apps, and DaoPoker, a cryptocurrency poker app. All three apps were promoted on forums such as bitcointalk and SteemCoinPan. As a result, victims were tempted to download the apps without considering that they might be suspicious. The attackers also created Twitter and Telegram personas for the DaoPoker app to influence more victims.
“ElectroRAT is extremely intrusive. It has various capabilities such as keylogging, taking screenshots, uploading files from disk, downloading files, and executing commands on the victim’s console. The malware has similar capabilities for its Windows, Linux, and macOS variants,” according to the researchers at Intezer Labs.
The multi-platform ElectroRAT malware runs secretly in the background, and crypto users are being trapped by the attackers' appealing promotions.
Are you worried about your crypto wallet and want to check whether your machine is compromised? First of all, change all of your cryptocurrency wallet passwords immediately or move your crypto funds to another wallet. You can use Intezer Protect and the Intezer Analyze Endpoint Scanner: they have indexed ElectroRAT’s PE and ELF versions, which enables you to detect similar samples present on your machine.