A recent report informed of a new type of malicious operation that has been active for over a year and has targeted thousands of cryptocurrency users. Dubbed ElectroRAT, it’s written from scratch to work on various operating systems and promoted via dedicated forums and marketing campaigns.
The cybersecurity company Intezer issued report describing the latest threat for cryptocurrency users. It reads that the firm discovered the operation in December 2020, but it has been active for at least a year.
The paper described it as a composition of a “full-fledged marketing campaign, custom cryptocurrency-related applications, and a new Remote Access Tool (RAT) written from scratch.”
The company admitted that while it’s common for such information stealers to try to collect private keys to access victims’ wallets, ElectroRAT had a few fundamental differences. The latest malicious operation was reportedly built from scratch in a way to target multiple operating systems at once. Namely, those are Windows, Linux, and macOS.
The malicious operation was typically promoted as a very successful trading instrument or a tool for multiple exchange transactions on one interface.
The report highlighted that the attackers behind the malicious threat used several well-known blockchain and cryptocurrency forums to promote their operation, including bitcointalk and SteemCoinPan.
The perpetrators had set up fake user accounts and published multiple false success stories, tempting readers to browse the applications’ web page. Victims were able to download the app from an external page without realizing that it’s malware.
Furthermore, the attackers created Twitter and Telegram accounts for a “DaoPoker” application and paid a cryptocurrency medial influencer for advertisement.
If the victim indeed falls for the malicious attack and installs the app on his device, the perpetrators receive access to his personal information, accounts, and private keys for crypto wallets. Once they have this data, they could execute transfers from hot wallets.
Ultimately, the cybersecurity company estimated that the number of victims that downloaded the malware is about 6,500.
CryptoPotato recently reported about another similar malicious project that worked as a Google Chrome extension. However, it was downloaded over 30 million times, and multiple victims reported losing all their BTC or other digital asset holdings.