Hackers Have Been Stealing Crypto From Wallets for Over a Year with a New Malware Dubbed ‘ElectroRAT’
A new malware family, dubbed ElectroRAT, has been discovered by cybersecurity researchers at Intezer Labs. The remote access Trojan (RAT) targets crypto wallet users and, according to the report published on Jan 5, has been operational for the past year.
With crypto prices on a bullish trend, the market continues to attract attackers looking to drain funds from users’ wallets. This latest malware was embedded in three trojanized crypto apps built on the Electron framework, hence the name ‘ElectroRAT’.
Under the Hood
Per the report, the apps in which the malware was hidden are Jamm, eTrade/Kintum, and DaoPoker. All three are crypto-oriented: the first two are trading apps, while DaoPoker was fronted as a gambling platform. Notably, all three were built for Windows, Linux, and macOS.
Intezer Labs researchers note that the malware evaded detection for so long because the attackers built the apps from scratch rather than trojanizing existing software, so nothing about the apps hinted at their real purpose: breaching users’ crypto wallets. The report describes ElectroRAT as extremely intrusive given its built-in functionality. ElectroRAT has,
“Various capabilities such as keylogging, taking screenshots, uploading files from disk, downloading files, and executing commands on the victim's console.”
The malware is written in Go (Golang), which made it harder to detect and analyze. Go has become a favorite among malware authors because Go binaries are more laborious to reverse engineer than malware written in C, C++, or C#: they are large, statically linked, and less well supported by analysis tooling.
Level of Exposure
Intezer Labs estimates that thousands of users have already been infected, most of them probably unaware of it. Additional evidence in the report indicates that some of the victims are MetaMask wallet users. This is no surprise given that the attackers promoted the three apps on popular crypto forums such as SteemCoinPan and Bitcointalk.
Security professionals who have commented on the campaign include Casa crypto custody CTO Jameson Lopp, who said that such novel malware is to be expected in a bull market. He went on to caution crypto users against wallets that store private keys on a desktop or laptop; instead, the ‘private keys should be stored on dedicated hardware devices’.