$type=slider$show=home$snippet=hide$cate=0$h=500$va=0$rm=0

Stealthy cross-platform malware could dispossess you of your crypto holdings

As Bitcoin and other cryptocurrencies have once again reached record highs, a group of cybercriminals has been working for the past 12 mont...

As Bitcoin and other cryptocurrencies have once again reached record highs, a group of cybercriminals has been working for the past 12 months on a marketing campaign that uses custom malware to steal the contents of users' crypto wallets.

The operation was discovered by Intezer Labs and it has been active since January of last year.

The custom malware for Windows, macOS and Linux devices is distributed through three separate trojanized apps and the cybercriminals responsible also used a network of fake companies, websites and social media profiles to dupe unsuspecting users.

The apps used in the operation include “Jamm”, “eTrade” and “DaoPoker. While the first two apps claimed to be cryptocurrency trading platforms, the third was a poker app that allowed users to make bets using cryptocurrency.

ElectroRAT

Once a user installs one of the apps in question on their devices, a remote access trojan (RAT) which Intezer has dubbed ElectroRAT serves as backdoor that allows the cybercriminals to log users' keystrokes, take screenshots, upload, download and install files on their systems as well as execute commands. To the cybercriminals credit, all three apps went undetected by antivirus software.

Security researcher Avigayil Mechtinger at Intezer provided further insight on the operation and the custom malware used by the cybercriminals behind it in a new report, saying:

“It is very uncommon to see a RAT written from scratch and used to steal personal information from cryptocurrency users. It is even more rare to see such a wide-ranging and targeted campaign that includes various components such as fake apps/websites and marketing/promotional efforts via relevant forums and social media.”

In order to locate its command and control server, ElectroRAT uses Pastebin pages published by a user who goes by the handle “Execmac”. Based on Execmac's profile, these pages have received more than 6,700 views since the operation began in January of last year and Intezer believes that these page views correspond to the number of people infected by ElectroRAT.

If you have any of the three fake apps installed on your systems, it is highly recommended that you remove them immediately and you can use Intezer's Analyze tool to look for any traces of ElectroRAT running in memory on Windows or Linux.

Via Ars Technica



from TechRadar - All the latest technology news https://ift.tt/395EGTr
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3855,Business,145,Camera,1154,Earn $$$,1,Gadgets,1739,Games,922,Mobile,1695,Technology,7932,Trailers,795,Travel,36,Trendly News,15411,Video,3,XIAOMI,12,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Stealthy cross-platform malware could dispossess you of your crypto holdings
Stealthy cross-platform malware could dispossess you of your crypto holdings
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2021/01/stealthy-cross-platform-malware-could.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2021/01/stealthy-cross-platform-malware-could.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy