
Malware steals bitcoin wallet keys using rogue apps

Key facts:

The Intezer Labs team has not determined the number of people affected.

The malware is capable of attacking Windows, Linux, and MacOS operating systems.

Recently, researchers at Intezer Labs discovered a new remote access Trojan (RAT) that steals the private keys of its victims’ cryptocurrency wallets. So far it has affected 6,500 Pastebin users.

According to the investigation, the attackers ran a large marketing campaign on Twitter and Telegram to lure victims to the Trojanized applications Jamm, eTrade and DaoPoker. Two of them pose as bitcoin and cryptocurrency managers; the third offers poker games played with crypto assets.

“When the victim runs any of the three rogue applications, an innocent graphical user interface (GUI) opens, while the malware runs in the background as ‘mdworker’,” the cybersecurity company reported.

The company has not provided the number of people who have fallen victim to the Trojan. It only reported about 6,500 affected users of Pastebin, a website where any text can be stored online for sharing. It is used primarily by programmers to store source code snippets or configuration information.

The attackers contact “the raw Pastebin pages to retrieve the command and control (C&C) IP addresses through the user Execmac, which is related to Amadey and KPOT malware,” the post warns.
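The two behaviours just described, a malicious process hiding under the name of the macOS Spotlight worker ‘mdworker’ and a fetch of command-and-control addresses from raw Pastebin pages, are both observable from the defender’s side. The script below is an added example written for this article; it is not code from Intezer or from the report, and it runs over constructed process and proxy-log samples rather than real telemetry. The legitimate mdworker path prefix is an assumption to be checked against your own baseline, and the Pastebin paste identifier is a placeholder.

```python
"""Defender-side checks for the ElectroRAT behaviours described in the article.

Added example: flags (1) processes named like 'mdworker' that do not run from
Apple's system frameworks, and (2) outbound requests to raw Pastebin pages.
All sample data below is constructed for the example.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Assumption: Apple's real Spotlight worker lives under CoreServices.framework.
# Anything else claiming the mdworker name is worth a second look.
LEGIT_MDWORKER_PREFIX = "/System/Library/Frameworks/CoreServices.framework/"

# Raw Pastebin pages are plain-text, which is why malware uses them as a
# drop point for C&C addresses. Matches http(s)://pastebin.com/raw/<id>.
PASTEBIN_RAW = re.compile(r"https?://(?:www\.)?pastebin\.com/raw/\S+")


@dataclass
class Proc:
    pid: int
    name: str
    path: str  # full path of the executable backing the process


def suspicious_mdworker(procs: List[Proc]) -> List[Proc]:
    """Return processes that borrow the mdworker name but run from elsewhere."""
    return [
        p for p in procs
        if p.name.startswith("mdworker") and not p.path.startswith(LEGIT_MDWORKER_PREFIX)
    ]


def pastebin_raw_requests(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, url) for every proxy-log line that hits a raw Pastebin page.

    Assumes the common access-log shape where the client address is the first token.
    """
    hits = []
    for line in log_lines:
        m = PASTEBIN_RAW.search(line)
        if m:
            client = line.split()[0]
            hits.append((client, m.group(0)))
    return hits


# Constructed sample process list (not real telemetry).
SAMPLE_PROCS = [
    Proc(412, "mdworker",
         "/System/Library/Frameworks/CoreServices.framework/Versions/A/"
         "Frameworks/Metadata.framework/Versions/A/Support/mdworker"),
    Proc(9031, "mdworker", "/Users/alice/Downloads/wallet-app/mdworker"),
    Proc(77, "launchd", "/sbin/launchd"),
]

# Constructed proxy log; 'EXAMPLE0' is a placeholder paste id, not a real IoC.
SAMPLE_PROXY_LOG = [
    '10.0.0.12 - - [05/Jan/2021:10:01:02 +0000] "GET https://pastebin.com/raw/EXAMPLE0 HTTP/1.1" 200 41',
    '10.0.0.12 - - [05/Jan/2021:10:01:05 +0000] "GET https://example.org/index.html HTTP/1.1" 200 5120',
    '10.0.0.40 - - [05/Jan/2021:10:02:11 +0000] "GET https://pastebin.com/about HTTP/1.1" 200 9000',
]


def run_checks(procs: List[Proc], log_lines: List[str]) -> dict:
    """Bundle both checks so a scheduled job can raise one alert per host."""
    return {
        "rogue_mdworker_pids": [p.pid for p in suspicious_mdworker(procs)],
        "pastebin_raw_fetches": pastebin_raw_requests(log_lines),
    }


if __name__ == "__main__":
    for key, value in run_checks(SAMPLE_PROCS, SAMPLE_PROXY_LOG).items():
        print(f"{key}: {value}")
```

Neither check is proof of infection on its own: a developer tool could legitimately read a raw paste, and a process name match only says the name was reused. Together, on the same host, they line up with the behaviour the report describes and are a reasonable trigger for pulling the binary for analysis.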

They also indicated that the applications were promoted on entirely legitimate blockchain and bitcoin forums such as bitcointalk and SteemCoinPan.

“This is an extensive operation that includes domain registrations, websites, Trojanized applications and fake social network accounts to access the victims’ wallets,” Intezer highlighted.

The company detailed that ElectroRAT, as the malware was named, is written in the Go programming language, which allows it to attack Windows, Linux and macOS operating systems.

“It is quite common to see hackers trying to collect private keys to access victims’ wallets. However, it is rare to see tools written from scratch and used to target multiple operating systems for these purposes,” the document explains.

Intezer Alert

The company warns that ElectroRAT is harmful and “extremely intrusive.” Its capabilities range from “keylogging, taking screenshots, uploading files from disk, downloading files, and running commands on the victim’s console.”

Recently, CriptoNoticias published a note highlighting that in 2020, in the rush to get teleworking tools up and running, companies set strong security measures aside.

This has allowed deceptive messages from hackers to spread and ransomware to advance, especially in Latin American countries.