Cybercriminals targeting Crypto Users via new ElectroRAT malware!
It is common knowledge today that with success comes unwanted fame and, potentially, attacks. So as crypto's 2021 bull run garners more attention from the media, the wall of money draws more attention from bad actors as well, a potentially self-fulfilling cycle.
Put another way - if it's trending with retail consumers, it's trending with bad actors too. One example is the shift of attackers toward anything from Apple (macOS, iOS, etc.) a few years ago.
What has been discovered? Security firm Intezer Labs said it discovered a covert, year-long malware operation in which cybercriminals created fake cryptocurrency apps to trick users into installing a new strain of malware on their systems.
How long did it operate? Intezer Labs stated they believe the bad actors started distributing the malware as early as January 8, 2020, and it was not detected until December 2020. WOW, nearly 12 months of wild rampaging by a new ElectroRAT malware!
What were the fake apps' names? Jamm, eTrade/Kintum, and DaoPoker; they were hosted on dedicated websites at jamm[.]to, kintum[.]io, and daopker[.]com. Perhaps there are more that have not yet been identified.
Which OS was targeted? Sorry, it appears all three apps came in versions for Windows, Mac, and Linux, and were built on top of Electron, an app-building framework.
How many users were impacted? Intezer believes this operation infected around 6,500 users, based upon the number of times the command-and-control URL was accessed by the ElectroRAT malware.
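As an added, defender-side example that is not from the post or from Intezer: a small Python checker that refangs the three domains named above and flags log lines that reference them or any of their subdomains. The log lines are constructed for illustration, not real telemetry.

```python
import re

# Domains named in the post, written defanged ("[.]" keeps indicators
# from being clickable); refang() turns them back into real hostnames.
ELECTRORAT_DOMAINS = ["jamm[.]to", "kintum[.]io", "daopker[.]com"]

# Constructed sample proxy/DNS log lines (not real data).
SAMPLE_LOGS = [
    "2020-11-03T10:12:01Z host=ws-17 dns query=www.jamm.to",
    "2020-11-03T10:12:09Z host=ws-17 proxy GET https://JAMM.TO/download/Jamm-setup.exe",
    "2020-11-03T11:00:44Z host=ws-22 dns query=mail.example.com",
    "2020-11-04T08:31:20Z host=ws-05 proxy GET https://kintum.io/eTrade.dmg",
    "2020-11-04T09:02:13Z host=ws-09 dns query=notdaopker.com",
]


def refang(indicator: str) -> str:
    """Turn 'jamm[.]to' back into 'jamm.to' (lower-cased for matching)."""
    return indicator.replace("[.]", ".").lower()


def build_pattern(domains):
    """Compile a regex matching any listed domain or a subdomain of it.

    The lookbehind rejects 'notdaopker.com' (no hostname char may precede the
    match) while the optional label prefix accepts 'www.jamm.to'.
    """
    alts = "|".join(re.escape(refang(d)) for d in domains)
    return re.compile(
        rf"(?<![a-z0-9.-])(?:[a-z0-9-]+\.)*(?:{alts})(?![a-z0-9-])",
        re.IGNORECASE,
    )


def find_hits(log_lines, domains=ELECTRORAT_DOMAINS):
    """Return (line_number, host, matched_hostname) for each line that touches a listed domain."""
    pattern = build_pattern(domains)
    hits = []
    for n, line in enumerate(log_lines, start=1):
        m = pattern.search(line)
        if m:
            host = re.search(r"host=(\S+)", line)
            hits.append((n, host.group(1) if host else "?", m.group(0).lower()))
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOGS):
        print("line %d: host %s contacted %s" % hit)
```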
What do the hackers want? One can quickly assume cryptocurrencies, as they have been demanding crypto for the past several years as payment to unlock data they locked up with ransomware.
Who have been victims in the past? A long list for certain, but to keep this relevant to crypto: WordPress sites, healthcare sites (hospitals, vaccine manufacturing sites), governments (local, state, and federal levels), crime-fighting organizations (FBI, NSA); the list goes on and on. If you are online, it's just a matter of when, not IF, you get hacked! Just because it has not made front-page news doesn't mean it didn't take place! One can assume the number of attacks against the SWIFT and ACH systems is enormous.
Cybercriminals are smart and ever evolving - it has been written that cybercriminals are more and more professional, even as creative as sending a survey after unlocking customers' data: how was their experience? The intent of writing a professional app and having it run for a year before malicious activity was detected speaks volumes; well, it does to me. I would assume they are heavy into machine learning (aka ML) to outfit professionals and their toolkits.
Who is Intezer Labs? They are a security firm that provides runtime protection for cloud environments; they can be found here - https://www.intezer.com/
Disclaimer - I am neither an employee nor an agent of Intezer, just a common guy attempting to keep people informed!
Summary - Stay vigilant and ensure you are always working from a clean system! Trust but verify everything, as too much is at stake!