A new report from the digital security company Intezer Labs describes the discovery of a large-scale fraudulent operation targeting cryptocurrency users through malicious applications built for this purpose, and the researchers estimate that the operation began in January 2020.
This elaborate fraud consisted of a full marketing campaign, custom cryptocurrency apps and a new remote access tool, all designed to trick users into installing a new strain of malware on their machines, with the clear goal of stealing the victims' money.
But what malicious apps were used in this process, and how did they deceive users?
The operation was discovered in December 2020, but the researchers believe the cybercriminals began spreading their malware much earlier in the same year, specifically since January 8, 2020.
The researchers (Intezer Labs) state: "The cybercriminals have relied on three applications related to cryptocurrencies in their plot." These fake apps carry the following names:
- eTrade or Kintum.
These applications were hosted on dedicated websites. The first two applications claimed to provide a simple platform for trading cryptocurrencies, while the third was a poker app that used cryptocurrencies for payment.
All three applications came in versions for Windows, Mac and Linux and were built with the application framework Electron, but the researchers added that the applications contained a new malware strain hidden inside them, which the company's researchers named ElectroRAT.
In the report, the researchers said: "The ElectroRAT software is very intrusive, and it has various capabilities, such as keyboard recording, saving screenshots, downloading files from disk, downloading files and executing commands without the victim's knowledge."
Researchers believe the malware was used to collect keys to cryptocurrency wallets and then drain victims’ accounts.
In addition, the researchers said: "Hackers have posted advertisements for the three applications and their websites on specialized cryptocurrency forums, or used social media accounts."
The researchers believe that this operation affected about 6,500 users, and advised cryptocurrency users who lost money over the past year without identifying the source of the compromise to verify whether they downloaded and installed any of the three applications mentioned above.
If you have used any of these fraudulent apps, you should immediately move your cryptocurrency accounts to another, secure device and then change the passwords; it is best to reformat the affected device completely to remove these harmful apps for good.
It is worth noting that the company also indicated that the ElectroRAT software was written in Go, an open-source programming language that has become very popular among malware developers over the past year, because detecting malware written in this language is still somewhat difficult.
Analysis of malware developed in Go is usually more complex than that of malware written in C, C++ or C#, and the language lets developers deploy programs to different platforms more easily than other programming languages, allowing cybercriminals to build malware targeting most platforms more easily than ever.