
The ElectroRAT malware is a sophisticated threat that can steal cryptocurrency from digital wallets. It can also run keyloggers on the targeted device, which lets attackers capture the victim’s private keys and use them to access the victim’s wallets.
In January 2020, cybersecurity researchers uncovered a scam aimed at draining crypto holders’ wallets. The attacker used a remote access tool to infiltrate the user’s computer and collect the private keys of the user’s crypto wallets. These keys were then sent to the perpetrators.
As part of a wide-ranging marketing operation, the attacker promoted fake social media accounts and trojanized applications on a variety of forums. These malicious apps were designed to look like legitimate trade management or poker applications. However, they contained malware that can download files from disk and run as a RAT.
Cybersecurity experts are warning users to be vigilant and keep their devices secure. They advise users to avoid downloading apps from unauthorized sources and to use official channels instead. Malspam campaigns can also be dangerous, so users should be wary of suspicious emails and attachments. If you are a victim of this scam, delete the app from your system. Additionally, make sure you change your passwords and move any pending funds to a new wallet.
Security researchers at Intezer have reported on a new type of malware, which they believe to be ElectroRAT. The malware is designed to target multiple operating systems, including Windows, macOS and Linux. According to Intezer, the ElectroRAT malware has been in operation for over a year.
Despite its obscurity, ElectroRAT is a sophisticated threat that can easily evade most antivirus engines. Intezer Labs pointed out that ElectroRAT was written in the Go programming language, which is widely used by malware authors. The malware is also capable of executing commands on the victim’s console.
Various forums and websites are used to promote ElectroRAT. These include a popular crypto forum called SteemCoinPan. There are also a number of cryptocurrency-related forums that have been targeted by the malware.
The operation appears to have infected thousands of users since early 2020. However, Intezer has not been able to accurately estimate the number of victims. Researchers also discovered that the operation took half a year to set up. During that time, the malware contacted raw Pastebin pages to retrieve the command and control server’s IP address.
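A defender can hunt for this Pastebin lookup pattern in web proxy logs. The following is an added example, not code from Intezer or from this article: it flags hosts where a non-browser client fetches a raw Pastebin page and then connects to a bare IP address within a few minutes. The log format, host names, paste IDs and IP addresses are constructed, and matching on `Go-http-client` assumes the sample uses the default user agent of Go's HTTP library.

```python
import re
from datetime import datetime, timedelta

# Constructed proxy log (hypothetical format: time, host, "user agent", URL).
SAMPLE_LOG = """\
2020-06-01T10:00:01 ws-014 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" https://pastebin.com/raw/AAAAAAAA
2020-06-01T10:02:10 ws-022 "Go-http-client/1.1" https://pastebin.com/raw/BBBBBBBB
2020-06-01T10:02:12 ws-022 "Go-http-client/1.1" http://203.0.113.45:8080/checkin
2020-06-01T10:05:00 ws-031 "Go-http-client/1.1" https://pastebin.com/raw/CCCCCCCC
2020-06-01T10:06:00 ws-040 "curl/7.68.0" https://example.org/index.html
2020-06-01T11:30:00 ws-031 "Go-http-client/1.1" http://198.51.100.7/update
"""

LINE = re.compile(r'^(\S+) (\S+) "([^"]*)" (\S+)$')
RAW_PASTE = re.compile(r"^https?://pastebin\.com/raw/\w+$")
BARE_IP = re.compile(r"^https?://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?(?:/|$)")
BROWSER_PREFIXES = ("Mozilla/",)  # assumption: interactive browsers identify this way


def find_dead_drop_lookups(log_text, window=timedelta(minutes=5)):
    """Return hosts that fetched a raw paste with a non-browser client and
    then contacted a bare IP address within `window`."""
    pending = {}   # host -> (time of raw paste fetch, paste URL)
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the hunt
        ts, host, agent, url = m.groups()
        when = datetime.fromisoformat(ts)
        if RAW_PASTE.match(url) and not agent.startswith(BROWSER_PREFIXES):
            pending[host] = (when, url)
            continue
        ip = BARE_IP.match(url)
        if ip and host in pending:
            fetched, paste = pending.pop(host)
            if when - fetched <= window:
                findings.append({"host": host, "paste": paste, "ip": ip.group(1),
                                 "delay_s": (when - fetched).total_seconds()})
    return findings


if __name__ == "__main__":
    for hit in find_dead_drop_lookups(SAMPLE_LOG):
        print(hit)
```

User-agent strings can be forged, so treat a hit as a lead to confirm with endpoint telemetry rather than as a verdict.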

Aside from stealing crypto from victims’ wallets, ElectroRAT can be used to collect personal information. It can record keystrokes, take screenshots, upload files from disk, download files, and execute commands.
Intezer also identified an operation that leveraged the newly developed Remote Access Tool, which is written in the Go programming language. In this campaign, the perpetrators used fake social media accounts and domain registrations to promote their malware.
The attackers behind this scam were able to get around antivirus detection by developing the malware from scratch. They created three unique applications. One of these applications was designed to let users place bets using cryptocurrencies. Another application was a trading platform that simulated a virtual currency poker game.