Cross-platform ElectroRAT malware drains cryptocurrency wallets
2021-01-05 10:00

Security researchers have discovered a new remote access trojan used to empty the cryptocurrency wallets of thousands of Windows, Linux, and macOS users.

Named ElectroRAT after its discovery in December, the cross-platform RAT is written in Golang and was used as part of a campaign that has been targeting cryptocurrency users since the start of 2020.

The attackers behind the ElectroRAT operation created custom Electron applications, made to look and behave like cryptocurrency trade management tools and a cryptocurrency poker app, and injected their RAT into them.

After being launched on a victim's computer, these apps would show a foreground user interface designed to divert the victims' attention from the malicious ElectroRAT background process.

ElectroRAT is remarkably invasive malware with a large assortment of capabilities shared by its Windows, Linux, and macOS variants, including "Keylogging, taking screenshots, uploading files from disk, downloading files, and executing commands on the victim's console."

In December, Intezer also discovered another Golang-based malware with self-spreading capabilities that has been used to deploy XMRig cryptocurrency miners on Windows and Linux servers.


News URL

https://www.bleepingcomputer.com/news/security/cross-platform-electrorat-malware-drains-cryptocurrency-wallets/