Cyber security researchers have discovered a year-long malware operation that has targeted cryptocurrency users through a number of fake apps.
Security firm Intezer Labs warned that ever-increasing crypto prices have created heightened activity among hackers and malicious actors seeking financial gain. The malware has been disseminated over the past year, but was only discovered in December 2020.
The new remote access trojan (RAT), dubbed ElectroRAT, has been used to empty the cryptocurrency wallets of thousands of Windows, macOS, and Linux users, the report added.
Three cryptocurrency-related apps deployed in the attack — Jamm, eTrade/Kintum, and DaoPoker — were all hosted on their own websites. The first two are bogus crypto trading apps, while the third is gambling-based.
The ElectroRAT malware hidden inside these apps is extremely intrusive, according to the researchers:
“It has various capabilities such as keylogging, taking screenshots, uploading files from disk, downloading files, and executing commands on the victim’s console.”