Hackers target cryptocurrency users with new ElectroRAT malware

Image: Intezer Labs

By for Zero Day | Source: ZDNet

Security firm Intezer Labs said it discovered a covert year-long malware operation where cybercriminals created fake cryptocurrency apps in order to trick users into installing a new strain of malware on their systems, with the obvious end goal of stealing victims’ funds.

The campaign was discovered last month in December 2020, but researchers said they believe the group began spreading their malware as early as January 8, 2020.

Intezer Labs said the hackers relied on three cryptocurrency-related apps for their scheme.

The fake apps were named Jamm, eTrade/Kintum, and DaoPoker, and were hosted on dedicated websites at jamm[.]to, kintum[.]io, and daopker[.]com, respectively.

The first two apps claimed to provide a simple platform to trade cryptocurrency, while the third was a cryptocurrency poker app.

All three apps came in versions for Windows, Mac, and Linux, and were built on top of Electron, an app-building framework.

But Intezer researchers say the apps also came with a little surprise in the form of a new malware strain that was hidden inside, which the company’s researchers named ElectroRAT.

ElectroRAT is extremely intrusive,” researchers said today in a report shared with ZDNet. “It has various capabilities such as keylogging, taking screenshots, uploading files from disk, downloading files, and executing commands on the victim’s console.”