Malicious apps stealing cryptocurrencies from users | Your Bitcoin is in danger!
Researchers at Intezer Labs revealed that a recently detected malware called ElectroRAT has been stealing cryptocurrencies from users’ digital wallets since last year. The malware was designed to target multiple operating systems: Windows, Linux and macOS. According to the investigation, it appears to have already targeted thousands of victims since early 2020, as stated in the Intezer Labs report released this week.
The cybercriminals behind this operation have set up a series of domain registrations, websites, Trojan horse applications, and fake social media accounts to target victims and their digital wallets. Avigayil Mechtinger, security researcher at Intezer Labs, says: “It’s common to find many information thieves. They try to collect private keys to access victims’ wallets. However, it is also rare to uncover tools developed from the start and used to target multiple operating systems for the same purpose.”
In the campaign that Intezer’s security team discovered, the cybercriminals promoted Trojanized applications on social media platforms, using Twitter and Telegram accounts that are in fact fake and built for social engineering, as well as on forums that host discussions and news about cryptocurrencies. The applications are written in the Golang programming language and were designed to look like safe apps for people who buy and sell virtual currencies. The report indicated that the campaign operators created fake apps called Jamm and eTrade, which appeared to be legitimate applications for managing cryptocurrency trading, and another app, DaoPoker, which is dedicated to poker games and uses cryptocurrency for the payments involved in the game.
The report notes that as soon as the victim launches the application, a normal graphical user interface opens while the ElectroRAT malware runs in the background as “mdworker”. Three versions of these Trojan applications have been released, to run on Windows, Linux, and macOS.

Kyung Kim, Chief Administrative Officer and Head of Cybersecurity for Asia and the Pacific at FTI Consulting, said previously that many of the parties involved in stealing user data are using the Golang programming language to help them create malware that can target operating systems other than Windows, and added: “Golang software language is popular with hackers as it is multi-type, allowing a single database to be compiled on all targeted operating systems, and instead of attacking users only, Golang software focuses its efforts on penetrating application servers, frameworks and web applications of users, and this is partly the reason for its ability to penetrate systems easily without being detected, in addition to its ability to seize cryptocurrency digital wallets.”

The ElectroRAT malware works as a logger and can also capture screenshots of the device, retrieve files from disk, download files to the infected device, and execute malicious commands.
The report indicates that the well-known Pastebin page has been infected with this malware, and that the number of visits to it exceeded 6,500 between January and December 2020, which means it is very likely that thousands of victims have downloaded the malicious program. According to the security team, the reason for all of this is the sharp rise in the value of the digital currency Bitcoin (BTC), with frauds related to this cryptocurrency appearing to take advantage of the situation.