Warning: Cross-Platform ElectroRAT Malware Targeting Cryptocurrency Users
2021-01-05 07:08

Cybersecurity researchers today revealed a wide-ranging scam targeting cryptocurrency users that began as early as January last year to distribute trojanized applications to install a previously undetected remote access tool on target systems.

Called ElectroRAT by Intezer, the RAT is written from the ground up in Golang and designed to target multiple operating systems such as Windows, Linux, and macOS. The apps are developed using the open-source Electron cross-platform desktop app framework.

"Operation ElectroRAT" involved the attackers creating three different tainted applications - each with Windows, Linux, and Mac versions - two of which pose as cryptocurrency trade management applications by the name of "Jamm" and "eTrade," while a third app called "DaoPoker" masquerades as a cryptocurrency poker platform.

Not only are the malicious apps hosted on websites built specifically for this campaign, but the services are also advertised on Twitter, Telegram, and legitimate cryptocurrency and blockchain-related forums such as "Bitcointalk" and "SteemCoinPan" in an attempt to lure unsuspecting users into downloading the tainted apps.

Once installed, the app opens a harmless-looking user interface, while in reality ElectroRAT runs hidden in the background as "Mdworker," with intrusive capabilities to capture keystrokes, take screenshots, upload files from disk, download arbitrary files, and execute malicious commands received from the C2 server on the victim's machine.
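As an added defender-side illustration (not code from the article or from Intezer's report): the RAT hides under a name that mimics macOS's legitimate Spotlight worker, mdworker, so one hunting check is to flag any mdworker-named process whose executable does not live in the system directory. The expected directory, the ps column layout and the sample process list below are assumptions constructed for the example.

```python
from pathlib import PurePosixPath

# Constructed sample in the shape of `ps -axo pid,user,comm` output on macOS
# (comm holds the full executable path). Not real telemetry.
SAMPLE_PS = """\
  PID USER     COMM
  412 alice    /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mdworker_shared
  517 alice    /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mdworker
 1342 alice    /Users/alice/Library/Application Support/eTrade/Mdworker
 1401 alice    /Applications/Safari.app/Contents/MacOS/Safari
"""

# Assumption: the legitimate Spotlight worker binaries (mdworker, mdworker_shared)
# live in this directory on current macOS releases; verify on your own baseline.
EXPECTED_DIR = ("/System/Library/Frameworks/CoreServices.framework/Versions/A/"
                "Frameworks/Metadata.framework/Versions/A/Support")


def parse_ps(text):
    """Parse header plus `pid user comm` rows into dicts; comm may contain spaces."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split(None, 2)
        if len(parts) == 3:
            rows.append({"pid": int(parts[0]), "user": parts[1], "comm": parts[2]})
    return rows


def find_masquerading_mdworker(rows):
    """Return (pid, comm) for processes whose name looks like mdworker
    (case-insensitive) but whose executable is outside EXPECTED_DIR."""
    hits = []
    for r in rows:
        path = PurePosixPath(r["comm"])
        if not path.name.lower().startswith("mdworker"):
            continue
        if str(path.parent) != EXPECTED_DIR:
            hits.append((r["pid"], r["comm"]))
    return hits


if __name__ == "__main__":
    for pid, comm in find_masquerading_mdworker(parse_ps(SAMPLE_PS)):
        print(f"suspicious mdworker-like process pid={pid} path={comm}")
```

On a live host, feed the output of `ps -axo pid,user,comm` to `parse_ps` instead of the sample; a hit is a lead for triage, not proof of ElectroRAT.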

Interestingly, an analysis of the Pastebin pages - which were published by a user named "Execmac" as early as January 8, 2020 - and those posted by the same user prior to the campaign found C2 servers used in conjunction with Windows malware like Amadey and KPOT, suggesting the attackers have pivoted from using well-known trojans to a new RAT capable of targeting multiple operating systems.
News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/qSZYJtNE9ks/warning-cross-platform-electrorat.html