2021-1-8 22:15 |
While bitcoin (BTC) prices are increasing, crypto-related scams appear on the scene to take advantage of the situation. In this case, a security firm spotted three malicious crypto apps targeting users to steal their funds.
Three Bogus Crypto Trading and Poker Apps Are Infected With Dangerous MalwareAccording to Intezer Labs, a year-long malware operation has been underway since January 2020, spreading faster with the help of a sophisticated marketing campaign.
Per the research, the threat actors rely on three cryptocurrency-related apps to spread a Remote Access Tool (RAT) malware named ElectroRAT: Jamm and eTrade/Kintum (both fake crypto trading platforms), and DaoPoker (fake crypto poker app).
Intezer Labs also found that these cybercriminals are developing versions of their software for Windows, Mac and Linux to increase confidence in their products, and to target a wider range of victims across the globe.
The investigators say there are “thousands of victims” affected by ElectroRAT’s campaign, which includes domain registrations, websites, trojanized applications, and fake social media accounts.
Some of these bogus apps were spotted in crypto-themed forums such as bitcointalk and Steemcoinpan, as fake profiles are used to promote the apps, asking people to download an application that is already infected by the malware.
if (!window.GrowJs) { (function () { var s = document.createElement('script'); s.async = true; s.type = 'text/javascript'; s.src = 'https://bitcoinads.growadvertising.com/adserve/app'; var n = document.getElementsByTagName("script")[0]; n.parentNode.insertBefore(s, n); }()); } var GrowJs = GrowJs || {}; GrowJs.ads = GrowJs.ads || []; GrowJs.ads.push({ node: document.currentScript.parentElement, handler: function (node) { var banner = GrowJs.createBanner(node, 31, [300, 250], null, []); GrowJs.showBanner(banner.index); } });
An ‘Uncommon’ Malware on the RadarAfter getting infected, the program drains victims’ crypto wallets. Intezer Labs provides more details about malicious apps that contain ElectroRAT:
ElectroRAT is extremely intrusive. It has various capabilities such as keylogging, taking screenshots, uploading files from disk, downloading files and executing commands on the victim’s console. The malware has similar capabilities for its Windows, Linux and macOS variants.
The research firm highlights that it’s “very uncommon” to see this kind of malware steal sensitive information from cryptocurrency users. Intezer Labs adds:
It is even more rare to see such a wide-ranging and targeted campaign that includes various components such as fake apps and websites, and marketing/promotional efforts via relevant forums and social media.
What are your thoughts about the findings from the security firm? Let us know in the comments section below.
Similar to Notcoin - Blum - Airdrops In 2024