Malicious apps stealing cryptocurrencies
A new report from the digital security company Intezer Labs describes the discovery of a large-scale fraudulent operation targeting cryptocurrency users through malicious applications built for that purpose. The operation is estimated to have begun in January 2020.
The operation combined a complete marketing campaign, dedicated cryptocurrency applications and a new remote access tool to trick users into installing a new strain of malware on their phones, with the clear goal of stealing victims' money.
But what malicious apps were used in this process, and how did they deceive users?
The operation was discovered in December 2020, but researchers believe that the cybercriminals started spreading their malware very early in the same year, specifically from January 8, 2020.
The Intezer Labs researchers said: "The criminals have relied on three applications related to cryptocurrency in their plot." These fake apps have the following names:
- Jamm
- eTrade or Kintum
- DaoPoker
These apps were hosted on dedicated websites, with the first two claiming to provide a simple platform for trading cryptocurrencies, while the third was a poker app that used cryptocurrencies for payment.
All three applications came in versions for the Windows, Mac and Linux operating systems and were developed with Electron, an open-source application-building framework. The researchers added that the applications included a new malware strain hidden inside, which the company's researchers called ElectroRAT.
In a report, the researchers stated: "The ElectroRAT software is extremely intrusive, and has various capabilities, such as: keyboard recording, saving screenshots, downloading files from disk, downloading files and executing commands without the victim's knowledge."
Researchers believe the malware was used to collect keys to cryptocurrency wallets and then drain victims' accounts.
In addition, the researchers said: "Hackers have posted advertisements for the three applications and their websites on specialized cryptocurrency forums, or used social media accounts."
Researchers believe that this operation affected about 6,500 users, and they advised cryptocurrency users who lost money over the past year but did not identify the source of the hack to verify whether they downloaded and installed any of the three previously mentioned applications.
If you have used any of these fraudulent apps, you should immediately transfer your cryptocurrency accounts to another secure device and then change the passwords. It is also best to reformat the device completely to remove these harmful apps entirely.
It is worth noting that the company also indicated that the ElectroRAT software was written in the open-source Go language, a programming language that has become very popular among malware developers over the past year, because detecting malware written in this language is still somewhat difficult.
Analysis of malware developed in this language is usually more complicated than analysis of malware written in C, C++ or C#. The language also allows developers to deploy programs to different platforms more easily than other programming languages, making it easier than ever for cybercriminals to create multiple malware variants aimed at most platforms.