This “ElectroRAT” malware might be silently draining your Bitcoin

A ransomware has affected users of over three apps in the past year and drained their wallets of hundreds of Bitcoin.

The rat wants Bitcoin

A new bug identified by researchers, which mimics a crypto trading program, is said to have affected thousands of users in the past year, according to a report in security publication Bleeping Computer.

Called “ElectroRAT,” as it infects Electron applications, the virus is a remote access trojan (RAT) that was discovered in December 2020 and targets Windows, Linux, and macOS users.

Upon infection, the virus overrides application functions and makes them function as either crypto trading apps (on Jamm and eTrade) or a crypto poker app (DaoPoker). When an unsuspecting user accesses any of these, a fake interface pops up while the ElectroRAT works in the background.

Its operation is as follows: The malware infects a victim computer, engages in keylogging, takes screenshots, uploads files from (the victim’s) disk, downloads other critical files, and executes commands on the victim’s console. It is then able to access and transfer any stored crypto that it finds.

To further trap victims, such “trojanized” apps, the report said, were promoted on various social media outlets, like Twitter, and other messaging apps or forums popular among crypto users, such as bitcointalk and Telegram.

Over 6,500 instances

Intezer, a security firm that first found out about the virus, noted in its official report that the three apps were seemingly downloaded by victims between January and December 2020. In addition, one of the Pastebin pages used by ElectroRAT to access the command-and-control (C2) server (a server that helps a fraudster control a botnet and send malicious commands to its members) was accessed over 6,500 times during the period.

The firm said:

“The trojanized application and the ElectroRAT binaries are either low detected or completely undetected in VirusTotal.”

Intezer added that it was “even more rare” to see the type of “wide-ranging and targeted campaign” deployed by ElectroRAT hackers, one that included multiple facets like the creation of fake apps and websites, and marketing those out to lure additional victims.

Meanwhile, Intezer advises users of these apps (Jamm, eTrade, or DaoPoker) to remove all related files from their systems and use admin tools to “kill” their processes. And users whose cryptocurrencies haven’t been drained yet are advised by Intezer to immediately transfer all their cryptocurrencies to another wallet.
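The report notes that ElectroRAT read Pastebin pages to locate its C2 server. As an added example (not from Intezer or the original article), the Python below flags non-browser processes that fetch Pastebin pages in web-proxy logs. The log format, host names, process names and paste IDs are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed proxy-log lines; assumed format: <time> <host> <process> <url>
SAMPLE_LOG = """\
2020-12-01T09:14:02Z ws-014 chrome.exe https://pastebin.com/raw/EXAMPLE01
2020-12-01T09:15:40Z ws-022 updater-helper https://pastebin.com/raw/EXAMPLE02
2020-12-01T09:45:41Z ws-022 updater-helper https://pastebin.com/raw/EXAMPLE02
2020-12-01T10:15:39Z ws-022 updater-helper https://pastebin.com/raw/EXAMPLE02
2020-12-01T10:20:00Z ws-031 curl https://pastebin.com.lookalike.example/raw/X
not a log line
"""

# Processes expected to browse paste sites interactively (tune per environment).
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "chrome", "firefox", "safari"}
PASTE_HOSTS = {"pastebin.com"}
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(https?://\S+)$")


def parse(log_text):
    """Yield (time, host, process, url) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            yield match.groups()


def is_paste_host(url):
    """True only for an exact paste host or one of its subdomains."""
    hostname = (urlparse(url).hostname or "").lower()
    return any(hostname == h or hostname.endswith("." + h) for h in PASTE_HOSTS)


def find_paste_fetchers(log_text, min_hits=1):
    """Return {(host, process): [urls]} for non-browser paste-site fetches."""
    hits = defaultdict(list)
    for _time, host, process, url in parse(log_text):
        if is_paste_host(url) and process.lower() not in BROWSERS:
            hits[(host, process)].append(url)
    return {key: urls for key, urls in hits.items() if len(urls) >= min_hits}


if __name__ == "__main__":
    for (host, process), urls in find_paste_fetchers(SAMPLE_LOG).items():
        print(f"{host}: {process} fetched {len(urls)} paste page(s), e.g. {urls[0]}")
```

A hit is a lead for triage, not proof of infection; some legitimate scripts read paste sites too.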
