A newly discovered malware type is targeting cryptocurrency wallets on Windows systems. The malware, dubbed ElectroRAT by the researchers, has claimed thousands of victims so far, with more set to emerge.

ElectroRAT Steals Crypto from Windows 10 Users

With the price of Bitcoin higher than ever before, it is no surprise that a new spate of cryptocurrency-stealing malware variants is hitting the news.

Researchers at Intezer have uncovered a previously unknown remote access tool (RAT) that is currently targeting Windows 10 users. The malware has also targeted macOS and Linux users. The Intezer team has named the crypto-stealing malware ElectroRAT and believes there are at least 6,500 victims.

ElectroRAT is extremely intrusive. It has various capabilities such as keylogging, taking screenshots, uploading files from disk, downloading files and executing commands on the victim's console. The malware has similar capabilities for its Windows, Linux and macOS variants.

The research team believes the campaign has been active since January 2020, meaning it has been in operation for around 12 months without detection.

ElectroRAT lures cryptocurrency users to download a trojanized application with posts on social media networks and cryptocurrency forums. The trojanized apps look and function like popular cryptocurrency trading apps Jamm and eTrade. There is also a trojanized version of the cryptocurrency poker app DaoPoker.

Once installed, ElectroRAT attempts to locate the private keys for any cryptocurrency wallets found on the victim's system. Once the private keys for a cryptocurrency wallet are stolen, the attacker can access the victim's wallet as if it were their own.

The Intezer blog and analysis also comment on the rarity of a remote access tool built from the ground up with a specific purpose in mind. ElectroRAT was built using the programming language Golang, which is featuring in more and more malware attacks.

It is very uncommon to see a RAT written from scratch and used to steal personal information from cryptocurrency users. It is even more rare to see such a wide-ranging and targeted campaign that includes various components such as fake apps/websites and marketing/promotional efforts via relevant forums and social media.

Cryptocurrency Stealing Malware on the Rise

With the price of Bitcoin consistently breaking through its all-time high towards the end of 2020 and in early 2021, cryptocurrency-stealing incidents are likewise on the rise.

Although Bitcoin's meteoric rise hasn't captured the public's imagination as it did in 2017 (when it first hit the $20,000 per coin mark), many people are moving a portion of their investments into the gold standard of cryptocurrencies.

With that in mind, it is more important than ever to take extra steps in protecting your cryptocurrency wallets. Keep your machines up to date, don't download any unusual apps from untrusted sources, and most of all, keep your cryptocurrency wallet private keys stored offline.