A recent study revealed a new malicious operation that has been active for more than a year and has targeted thousands of cryptocurrency users. Dubbed ElectroRAT, the malware was written from scratch to run on different operating systems and was promoted through dedicated forums and marketing campaigns.
A New Threat to Crypto Users
A study detailing the current threat to cryptocurrency users was released by the cybersecurity company Intezer. According to the study, the company discovered the operation in December 2020, but it had been active for at least a year.
The paper described the operation as a combination of a full-fledged marketing campaign, a new Remote Access Tool (RAT) written from scratch, and custom cryptocurrency-related applications.
Although it is common for such information stealers to gather private keys in order to access victims' wallets, ElectroRAT had a few fundamental differences, the company said. The new malware is said to have been designed from scratch to target several operating systems at once, namely Windows, Linux, and macOS.
The malicious applications were usually marketed as very useful trading instruments or as tools offering one interface for transactions on multiple exchanges.
How it works and the number of victims
The study emphasized that the attackers used many well-known blockchain and cryptocurrency forums, including Bitcointalk and SteemCoinPan, to promote their applications.
The perpetrators set up fake user accounts and published many false success stories, enticing readers to browse the app's web page. Not realizing that it was malware, victims downloaded the app from an external website.
In addition, the attackers created Twitter and Telegram accounts for a "DaoPoker" application and paid a cryptocurrency media influencer for ads.
If a victim falls for the attack and installs the app on their computer, the perpetrators gain access to the victim's personal information, accounts, and private keys for crypto wallets. Once they have this data, they can execute transfers from hot wallets.
The cybersecurity firm ultimately reported that the number of victims downloading the malware was around 6,500.