
Beware of downloading these three applications—Jamm, DaoPoker and eTrade—as they will allegedly steal your digital currencies. According to cybersecurity experts, the three are disguised as digital currency trading and management apps, but end up stealing your private keys.

Cybersecurity experts from Intezer Labs discovered the malware and detailed it in a recent report.

According to the report, the Remote Access Trojan (RAT) malware, ElectroRAT, became quite active in December, when most digital currencies started recording huge price rises. ElectroRAT is written in the Golang programming language, allowing it to target multiple operating systems including Windows, macOS and Linux.

The report notes that while it’s common for attackers to use information stealers to target victims’ private keys, it’s rare to see tools written from scratch and targeting multiple operating systems.

To lure victims, the attackers have been promoting the apps in dedicated online forums such as bitcointalk and SteemCoinPan. In one post on a Chinese Hive forum, the attackers touted Kintum as a digital currency management platform that has “freedom and no trouble.” They falsely claim to have partnered with Coinbase, Bitfinex, Kraken, Binance and over 20 other exchanges.

For DaoPoker, the attackers went even further, creating social media accounts for the fake app. Twitter has since suspended the account, however. The attackers allegedly used social media influencers to promote their fake apps.

ElectroRAT contacts raw pastebin pages to retrieve the command and control (C&C) IP addresses. As Intezer Labs reveals, the number of unique visitors to the attackers’ pastes stands just short of 6,500. The pastebin page also indicates that the malware has been active for at least 356 days.

Pastebin page

Once the victim runs any of the three fake apps, an innocent-looking graphical user interface (GUI) opens while ElectroRAT runs in the background as “mdworker”.
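The two behaviours described above, retrieval of raw pastebin pages and a background process named “mdworker”, can be combined into a simple triage rule over endpoint telemetry. This is an added example, not code from the Intezer Labs report or this article; the event schema, file paths, paste IDs, trusted-path prefix and browser list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the genuine macOS Spotlight worker lives under /System/Library/.
TRUSTED_PREFIXES = ("/System/Library/",)
# Assumption: browsers are the only programs expected to open raw pastes.
BROWSERS = {"firefox", "chrome", "safari", "msedge"}

# Constructed sample events (hypothetical schema: host, image, url).
SAMPLE_EVENTS = [
    {"host": "mac-01", "image": "/System/Library/Frameworks/CoreServices.framework/Support/mdworker", "url": None},
    {"host": "mac-02", "image": "/Users/alice/Library/mdworker", "url": "https://pastebin.com/raw/EXAMPLE01"},
    {"host": "win-03", "image": "C:\\Users\\bob\\AppData\\Roaming\\mdworker.exe", "url": None},
    {"host": "lin-04", "image": "/usr/bin/firefox", "url": "https://pastebin.com/raw/EXAMPLE02"},
    {"host": "lin-05", "image": "/usr/bin/curl", "url": "https://pastebin.com/raw/EXAMPLE03"},
]

def process_name(image):
    """Basename of a POSIX or Windows path, lowercased, without .exe."""
    name = re.split(r"[\\/]", image)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name

def is_masquerade(image):
    """A process called mdworker that is not in a trusted system location."""
    return process_name(image) == "mdworker" and not image.startswith(TRUSTED_PREFIXES)

def is_raw_paste_fetch(image, url):
    """A non-browser process requesting a raw pastebin page."""
    if not url:
        return False
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    on_pastebin = host == "pastebin.com" or host.endswith(".pastebin.com")
    return on_pastebin and parts.path.startswith("/raw/") and process_name(image) not in BROWSERS

def triage(events):
    """Return (host, severity, reasons) for every event that matches a rule."""
    findings = []
    for ev in events:
        reasons = []
        if is_masquerade(ev["image"]):
            reasons.append("mdworker outside system path")
        if is_raw_paste_fetch(ev["image"], ev.get("url")):
            reasons.append("non-browser raw paste fetch")
        if reasons:
            findings.append((ev["host"], "high" if len(reasons) == 2 else "medium", reasons))
    return findings
```

Either signal alone is only a lead (scripts and command-line tools fetch raw pastes for ordinary reasons), so the rule rates a single match as medium and reserves high for a process that shows both.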

“ElectroRAT is extremely intrusive. It has various capabilities such as keylogging, taking screenshots, uploading files from disk, downloading files and executing commands on the victim’s console. The malware has similar capabilities for its Windows, Linux and MacOS variants.”

The malware has remained under the radar for almost a year now. This is largely because the attackers wrote the malware from scratch. On VirusTotal, DaoPoker, for instance, is completely undetected.
