Intezer Labs recently discovered malware in fake crypto apps that have infected thousands of users in the last year. The malware searches for crypto keys to steal users’ digital assets.
Thousands of users infected
Security firm Intezer Labs discovered and reported a new malware family called ElectroRAT. First found in December, the malware could have been active since at least January 2020. It was spread via legitimate-looking crypto apps that infiltrated users' systems and stole their information, which could include cryptocurrency wallet keys.
The highly sophisticated campaign involved apps named eTrade (or Kintum), Jamm, and DaoPoker, available for Linux, Windows, and macOS. According to Intezer, the apps were "extremely intrusive" and could log keystrokes on the users' computers. They could also download, upload, and execute files and take screenshots without the user being aware.
Intezer also highlighted how these applications were promoted and distributed. The apps were advertised on Twitter and cryptocurrency forums. The firm suggests that at least 6,500 users were impacted by the new malware.
A new, custom-made app
The fake software did not use pre-built, off-the-shelf malware code. Instead, it was written in the Go language and packaged with the app-building framework Electron, with the entire app coded from scratch. Using Go could have helped the malicious actors quickly build the app for multiple platforms. Intezer Labs wrote, "Writing the malware from scratch has also allowed the campaign to fly under the radar for almost a year by evading all antivirus detections."
ZDNet also commented on the app design and said that the complexity of Go made the malware difficult to detect and analyze. Intezer has specified how to detect the malicious processes if a user has any of these apps running on their system, and has also explained how to clean an infected system. The firm further suggests that affected users move their digital assets to a new wallet and change their passwords to protect them from harm.