
ElectroRAT Drains Cryptocurrency Wallet Funds of Thousands
2021-01-05 15:00

These applications, which were promoted on cryptocurrency and blockchain-related forums such as bitcointalk and SteemCoinPan, relate directly to cryptocurrency.

They purport to be "Jamm" and "eTrade," which are cryptocurrency trade management applications, and "DaoPoker," a cryptocurrency poker app.

Though these applications do function, she said, "ElectroRAT is embedded inside of these applications, so upon execution a victim will see the application's GUI, however ElectroRAT will run hidden in the background."

A private key allows a user to access his or her cryptocurrency wallet; access to this would give attackers the ability to take hold of victim wallets, said researchers.

Upon closer inspection, researchers found that ElectroRAT contacts raw Pastebin pages to retrieve the C2 IP address.
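For defenders, the Pastebin lookup described above leaves a recognizable network pattern: a non-browser process fetches a pastebin.com/raw/ page and shortly afterwards connects to a bare IP address. The following detection sketch is an added example, not code from the researchers or the article; the log format, process names, browser allowlist and 120-second window are all assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample network events (not from the article); names are hypothetical.
SAMPLE_LOG = """\
2021-01-05T10:00:01 host=ws-17 proc=chrome.exe dst=pastebin.com path=/raw/EXAMPLE01
2021-01-05T10:02:30 host=ws-22 proc=trade-app.exe dst=pastebin.com path=/raw/EXAMPLE02
2021-01-05T10:02:41 host=ws-22 proc=trade-app.exe dst=198.51.100.23 path=/
2021-01-05T10:03:00 host=ws-31 proc=poker-app.exe dst=pastebin.com path=/raw/EXAMPLE03
2021-01-05T10:20:00 host=ws-31 proc=poker-app.exe dst=198.51.100.77 path=/
2021-01-05T10:21:00 host=ws-40 proc=updater.exe dst=pastebin.com path=/u/someuser
2021-01-05T10:21:05 host=ws-40 proc=updater.exe dst=192.0.2.9 path=/
"""

BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}  # assumed allowlist
WINDOW = timedelta(seconds=120)  # assumed correlation window
LINE = re.compile(r"^(\S+) host=(\S+) proc=(\S+) dst=(\S+) path=(\S+)$")

def is_ip_literal(dst):
    try:
        ipaddress.ip_address(dst)
        return True
    except ValueError:
        return False

def find_dead_drop_lookups(log_text):
    """Return (host, proc, paste_path, ip) for each raw paste fetch followed by a raw-IP connection."""
    pending = {}  # (host, proc) -> (time of paste fetch, paste path)
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing
        ts, host, proc, dst, path = m.groups()
        key = (host, proc.lower())
        if key[1] in BROWSERS:
            continue  # people read pastes in browsers; that is not the signal
        when = datetime.fromisoformat(ts)
        if dst.lower() == "pastebin.com" and path.startswith("/raw/"):
            pending[key] = (when, path)
        elif is_ip_literal(dst) and key in pending:
            fetched_at, paste = pending.pop(key)
            if when - fetched_at <= WINDOW:
                alerts.append((host, proc, paste, dst))
    return alerts

if __name__ == "__main__":
    print(find_dead_drop_lookups(SAMPLE_LOG))
```

On the constructed sample only ws-22 is flagged: the browser fetch, the connection made 17 minutes after the paste fetch, and the non-raw Pastebin path are all ignored.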

Potential scam victims should make sure to delete all files related to the malware, move their funds to a new wallet and change all of their passwords, said researchers.


News URL

https://threatpost.com/electrorat-drains-cryptocurrency-wallet-funds-of-thousands/162705/