The ElectroRAT malware has been attempting to steal cryptoassets, including bitcoin (BTC), litecoin (LTC), ethereum (ETH), and monero (XMR), among others, from thousands of victims for the past year, according to a researcher at the New York-based cybersecurity company Intezer Labs.
Intezer estimates the campaign has infected thousands of victims, “based on the number of unique visitors to the pastebin pages used to locate the command and control servers.”
As of early January 2021, the user’s pastes have attracted close to 6,500 unique users, according to data obtained by the cybersecurity firm.
The development is part of a larger trend involving the spike in popularity of crypto-focused worms written in Golang, an open-source programming language.
Avigayil Mechtinger, Security Researcher at Intezer, said the company discovered the wide-ranging operation last December, but believes it was launched in January 2020.
“This extensive operation is composed of a full-fledged marketing campaign, custom cryptocurrency-related applications and a new Remote Access Tool (RAT) written from scratch,” Mechtinger said, adding it involved domain “registrations, websites, trojanized applications, fake social media accounts and a new undetected RAT that we have named ElectroRAT.”
Developed to target a number of operating systems, including Windows, Linux, and MacOS, the remote access trojan (RAT) was created with the use of Electron, a framework used to build a desktop app, hence the name.
“It is rather common to see various information stealers trying to collect private keys to access victims’ wallets. However, it is rare to see tools written from scratch and used to target multiple operating systems for these purposes,” the researcher said. “The attacker behind this operation has lured cryptocurrency users to download trojanized applications by promoting them in dedicated online forums and on social media.”
According to the company, if you were, or suspect that you are a victim of this scam, take the following steps:
- Kill the process and delete all files related to the malware.
- Make sure your machine is clean and running 100% trusted code using Intezer’s tools mentioned above.
- Move your funds to a new wallet.
- Change all of your passwords.
Also, in a related development indicating the surge of multi-platform malware developed in Golang, Intezer recently discovered a worm that has been using its victims’ hardware to mine Monero. The malware targets public-facing services such as MySQL, Tomcat, Jenkins, and WebLogic.
“The worm attempts to spread across the network in order to run XMRig Miner on a large scale. The malware targets both Windows and Linux servers and can easily maneuver from one platform to the other,” Mechtinger said.
___
Learn more:
Crypto Security in 2021: More Threats Against DeFi and Individual Users
Teaching True Story: Trader Robbed of Nearly USD Half Million in Bitcoin
The Ledger…
Read More:Crypto-Stealing Malware Targets At Least 6.5K Victims
Bitcoin 
Ethereum 
Tether 
BNB 
USD Coin 
XRP 
Cardano 
Dogecoin 
Lido Staked Ether 
Polygon 
Solana 
Binance USD 
Polkadot 
Shiba Inu 
TRON 
Litecoin 
Avalanche 
Dai 
Uniswap 
Wrapped Bitcoin 
Chainlink 
Toncoin 
Cosmos Hub 
LEO Token 
Ethereum Classic 
Monero 
OKB 
Bitcoin Cash 
Stellar 
Filecoin 
Aptos 
TrueUSD 
Lido DAO 
Hedera 
Quant 
Cronos 
NEAR Protocol 
VeChain 
Algorand 
Stacks 
Internet Computer 
ApeCoin 
Fantom 
The Graph 
EOS 
The Sandbox 
Aave 
ImmutableX 
Decentraland 
MultiversX