Stealthy Cross-Platform Malware Could Steal Your Crypto Stocks

As Bitcoin and other cryptocurrencies hit record highs again, a group of cybercriminals has spent the past 12 months running a campaign that uses custom malware to steal users' cryptocurrency. The operation was discovered by Intezer Labs and has been active since January of last year. The custom malware for Windows, macOS, and Linux is distributed via three separate applications, and the cybercriminals behind it have also used a network of fake companies, websites, and social media profiles to trick unsuspecting users. The applications used in the operation are "Jamm", "eTrade" and "DaoPoker". The first two apps claimed to be cryptocurrency trading platforms, while the third was a poker app that let users place bets with cryptocurrency.

ElectroRAT

Once a user installs one of the apps in question on their device, a Remote Access Trojan (RAT) that Intezer dubbed ElectroRAT serves as a backdoor that allows the cybercriminals to log keystrokes, take screenshots, upload, download, and install files on the system, and run commands. Notably, none of the three apps was detected by antivirus software.

Security researcher Avigayil Mechtinger of Intezer provided additional information about the operation and the custom malware used by the cybercriminals in a new report, saying: "It is very rare to see a RAT written from scratch and used to steal personal information from cryptocurrency users. It is even rarer to see such a large and targeted campaign that includes various components such as fake apps/websites and marketing/promotion efforts via relevant forums and social media."

To locate its command and control server, ElectroRAT uses Pastebin pages posted by a user going by the handle "Execmac". According to Execmac's profile, these pages have received more than 6,700 hits since the operation began in January of last year, and Intezer estimates that this pageview count corresponds to the number of people infected with ElectroRAT.

If any of the three rogue applications is installed on your systems, it is highly recommended that you remove it immediately; you can use Intezer's scan tool to verify whether there are traces of ElectroRAT in memory on Windows or Linux.

Via Ars Technica
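The Pastebin-based C2 lookup described above is something a defender can hunt for in web-proxy telemetry: a non-browser process fetching a raw Pastebin page, and the same paste being fetched from several hosts. The script below is an added example, not Intezer's scan tool or code from the article; it assumes a constructed proxy-log format (timestamp, host, process, URL, user agent) and uses placeholder paste IDs, since the page publishes none.

```python
import re
from collections import defaultdict

# Constructed sample proxy log (not real telemetry). Fields: timestamp, host,
# process name, requested URL, user agent. Paste IDs are placeholders.
SAMPLE_LOG = """\
2021-01-05T10:12:33Z ws-17 eTrade.exe https://pastebin.com/raw/PLACEHOLDER1 Go-http-client/1.1
2021-01-05T10:13:01Z ws-17 chrome.exe https://pastebin.com/raw/PLACEHOLDER2 Mozilla/5.0
2021-01-05T10:14:10Z ws-22 DaoPoker https://pastebin.com/raw/PLACEHOLDER1 Go-http-client/1.1
2021-01-05T10:15:55Z ws-22 DaoPoker https://example.com/index.html Go-http-client/1.1
2021-01-05T11:02:07Z ws-17 eTrade.exe https://pastebin.com/raw/PLACEHOLDER1 Go-http-client/1.1
"""

# Processes for which a Pastebin fetch is normal user activity (assumed allow-list).
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "safari", "firefox", "chrome"}
PASTE_RAW = re.compile(r"^https?://(?:www\.)?pastebin\.com/raw/([A-Za-z0-9]+)", re.I)


def parse_line(line):
    """Split one constructed log line into its five fields."""
    ts, host, proc, url, ua = line.split(None, 4)
    return {"ts": ts, "host": host, "proc": proc, "url": url, "ua": ua}


def find_dead_drop_fetches(log_text):
    """Return raw-Pastebin fetches made by processes that are not browsers."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        m = PASTE_RAW.match(rec["url"])
        if m and rec["proc"].lower() not in BROWSERS:
            rec["paste_id"] = m.group(1)
            hits.append(rec)
    return hits


def hosts_by_paste(hits):
    """Group suspicious fetches by paste ID; a paste shared across many hosts
    is the pattern behind the article's pageviews-to-infections estimate."""
    grouped = defaultdict(set)
    for h in hits:
        grouped[h["paste_id"]].add(h["host"])
    return {paste: sorted(hosts) for paste, hosts in grouped.items()}


if __name__ == "__main__":
    suspicious = find_dead_drop_fetches(SAMPLE_LOG)
    for h in suspicious:
        print(f"{h['ts']} {h['host']} {h['proc']} -> paste {h['paste_id']} ({h['ua']})")
    print(hosts_by_paste(suspicious))
```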