Intezer Labs said it has discovered fake cryptocurrency applications linked to ElectroRAT, a new strain of Go-based malware.
The campaign was launched in December 2020
Security firm Intezer Labs said it had uncovered a one-year fraud in which cybercriminals created fake cryptocurrency applications to trick users into installing a new strain of malware on their systems, with the apparent ultimate goal of stealing victims’ funds. Intezer Labs said that the hackers relied on three cryptocurrency-related applications. The fake apps are called Jamm, eTrade / Kintum and DaoPoker, and were hosted on dedicated websites at jamm[.]to, kintum[.]I and daopker[.]with. The first two applications claimed to provide a simple platform for cryptocurrency trading, while the third was a cryptocurrency poker application. All three applications came in versions for Windows, Mac and Linux. Researchers at Intezer say the apps carried a surprise: a new strain of malware hidden inside them, which the company’s researchers named ElectroRAT.
ElectroRAT is extremely intrusive and has a variety of features, such as keylogging, taking screenshots, uploading files from disk, downloading files and executing commands on the victim’s console. Intezer researchers believe that the malware was used to collect cryptocurrency wallet keys and then to empty the victims’ accounts. Because of a quirk in the malware’s design, which retrieved the address of its command and control server from a Pastebin URL, Intezer believes that about 6,500 users were infected in this operation.
As a side note, Intezer Labs also pointed out that ElectroRAT was written in Go, a programming language that is slowly becoming increasingly popular among malware authors.
The reasons for the growing popularity of Go among malware authors are many: detecting Go malware is still difficult, analysis of Go malware is usually more complex than that of malware written in C, C++ or C#, and Go lets operators compile binaries for different platforms more easily than other languages.
*The article has been translated based on the content of PC Press by pcpress.rs.