Bitcoin Forum
Author Topic: Operation ElectroRAT Attacker Creates Fake Companies to Drain Your Crypto Wallet  (Read 105 times)
Baofeng (OP)
January 06, 2021, 12:32:42 PM
Merited by cryptomaniac_xxx (2), Dave1 (2), Jating (1), Yaunfitda (1), DdmrDdmr (1)
 #1

Operation ElectroRAT: Attacker Creates Fake Companies to Drain Your Crypto Wallets

Quote
With Bitcoin on the rise and a market exceeding billions of dollars, cryptocurrency has attracted threat actors wishing to leverage these capitals for their own financial gain.

In December, we discovered a wide-ranging operation targeting cryptocurrency users, estimated to have initiated in January 2020. This extensive operation is composed of a full-fledged marketing campaign, custom cryptocurrency-related applications and a new Remote Access Tool (RAT) written from scratch.

The campaign includes: Domain registrations, websites, trojanized applications, fake social media accounts and a new undetected RAT that we have named ElectroRAT. ElectroRAT is written in Golang and compiled to target multiple operating systems: Windows, Linux and MacOS.



https://www.intezer.com/blog/research/operation-electrorat-attacker-creates-fake-companies-to-drain-your-crypto-wallets/

I think we have suspected already that there are criminals who specialise in crypto users. It's just that we really don't know how big or how extensive they were. And obviously, our community was mentioned to be one of the platforms that has been targeted or at least being utilised by these criminals, the other one is "SteemCoinPan". But the good thing is that members here are vigilant to report users who spread fake and malicious apps here.

But still, we need to be very careful, these cyber criminals are so advanced that they're able to create these malicious apps without anti-virus detecting them for months or even years. And it targets all OS now, Windows, Linux and MacOS.

hugeblack
January 06, 2021, 05:02:23 PM
 #2

Anti-virus programs are the danger. If you are browsing the Internet randomly and think that the program will protect you, follow the golden rule to avoid downloading any link that is not trusted by the source and you will not need these programs.

With the tremendous rise in the price of bitcoin, the hacker has enough budget and motives to deceive people in complex ways, and antivirus programs will need a lot of time to update their databases.
DdmrDdmr
January 06, 2021, 09:34:17 PM
 #3

The number of estimated victims is seemingly low (estimate of 6,5k people) for a malware setup that’s been running for a year now, under the radar until now, but it can build to a pretty penny. Perhaps it's rather surgical by nature.

The article cites that the Trojan apps used were "Jamm", "eTrade" and "DaoPoker", promoted here on Bitcointalk, amongst other places (the referenced article provides screenshots). It goes to show how one should be wary of all downloadable software, and though many people spend their time spotting and reporting any malware they find, not everything is easy to detect (this one seems to have bypassed antiviruses pretty well), and there are many links relayed here and on social platforms on a daily basis.
Jating
January 06, 2021, 10:18:50 PM
Last edit: January 07, 2021, 10:49:57 PM by Jating
 #4

I still remember this reminder: Don't get tricked by hidden spam on this forum. So it could be spam or simply many new accounts are really promoting this trojan in our community for years now and perhaps there are quite a few who have fallen for it.

That anti-virus cannot detect it at all is really scary indeed, the majority of us rely on them, but still the best weapon is us, education and using our logic not to download even from this community. The attacks seem to have started even prior to the bull run, but this time, it's more magnified because of these cyber threat investigations.
hatshepsut93
January 06, 2021, 11:45:05 PM
Last edit: January 07, 2021, 12:50:26 AM by hatshepsut93
 #5

Quote
The campaign includes: Domain registrations, websites, trojanized applications, fake social media accounts and a new undetected RAT that we have named ElectroRAT. ElectroRAT is written in Golang and compiled to target multiple operating systems: Windows, Linux and MacOS.


Some people say that just using Linux is enough to not worry about malware, but that's just not true - if you're a crypto user, you can't afford to take any risks, because in the future, when Bitcoin will reach new highs, you'll get really depressed that you allowed hackers to steal your coins that could have been millions. So, whatever platform you are using, your security practices shouldn't change much.
cryptomaniac_xxx
January 07, 2021, 08:00:22 AM
 #6

Quote
The campaign includes: Domain registrations, websites, trojanized applications, fake social media accounts and a new undetected RAT that we have named ElectroRAT. ElectroRAT is written in Golang and compiled to target multiple operating systems: Windows, Linux and MacOS.


Some people say that just using Linux is enough to not worry about malware, but that's just not true - if you're a crypto user, you can't afford to take any risks, because in the future, when Bitcoin will reach new highs, you'll get really depressed that you allowed hackers to steal your coins that could have been millions. So, whatever platform you are using, your security practices shouldn't change much.

Yeah, the whole notion before that the Unix and Linux flavor OS is safe from these criminals no longer holds, although it used to be an attack to take advantage and mine Monero, perhaps it is gradually shifting.

That's why I try to maintain this thread, Alarming Unix attack is on the rise.
Welsh
January 07, 2021, 12:24:51 PM
 #7


Quote
Yeah, the whole notion before that the Unix and Linux flavor OS is safe from these criminals no longer holds, although it used to be an attack to take advantage and mine Monero, perhaps it is gradually shifting.

That's why I try to maintain this thread, Alarming Unix attack is on the rise.

Well it kind of does, depending on how you take that advice. I've never heard any respectable person claim that Linux was impenetrable, but what I have heard, and surveyed is that Linux is used by a small amount of the population with Windows leading the market which means, if you want to infect as many computers as possible, your attention is likely going to set on Windows users. However, that doesn't mean that there isn't malicious code that runs on Linux, it's just less common. Probably, severely less common (without looking up statistics). It also depends entirely on how the user is set up, are they operating from a root user etc.

My advice is usually based on how "paranoid" a user is. If you are very security conscious (for a better word) then assume that every device can be compromised, from all sorts of attacks. Buying used computers probably isn't recommended, and even choosing where you buy mining equipment is probably worth it. Assuring browser is secure, by preventing scripts from running, and probably by only visiting websites you know you can 100% trust.

Linux is more difficult to compromise, and there's various distributions which handle it better, and worse. By far, any operating system which uses isolation, or compartmentalization is best. Qubes OS, can isolate software into a container, you can virtually separate your  network from within Qubes OS, and various other things. However, the compatibility of this is the issue, even down to the hardware level.

Quote
So, whatever platform you are using, your security practices shouldn't change much.

Absolutely, to the best of your ability avoid changing your mindset just because a system offers better protection. Anti virus, Linux, and various other protection against viruses, can actually be worse for some people due to the fact that they'll drop their guard, and let complacency creep in.

Obviously, no one is perfect, and I believe almost everyone has some sort of security flaw in their regime, since unfortunately if you were to take all the precautions in the world, you would be severely limited on what you could do on a computer.
Baofeng (OP)
January 07, 2021, 01:01:10 PM
 #8

Quote
The campaign includes: Domain registrations, websites, trojanized applications, fake social media accounts and a new undetected RAT that we have named ElectroRAT. ElectroRAT is written in Golang and compiled to target multiple operating systems: Windows, Linux and MacOS.


Some people say that just using Linux is enough to not worry about malware, but that's just not true - if you're a crypto user, you can't afford to take any risks, because in the future, when Bitcoin will reach new highs, you'll get really depressed that you allowed hackers to steal your coins that could have been millions. So, whatever platform you are using, your security practices shouldn't change much.

I myself moved out of Windows in 2018, used Mac OS and then Linux Mint last year. So it still boils down to how we practice our 'security hygiene'. Yes, I agree that no OS is safe now, that's why it's really up to us. If we think that because we used Unix we are safe, then definitely that is a wrong mindset to begin with.

Moellaa
January 07, 2021, 01:36:20 PM
 #9

Is there any way to prevent this attacker? Really, this is very detrimental to those who are deceived.

jademaxsuy
January 07, 2021, 02:10:52 PM
 #10

Quote
Is there any way to prevent this attacker? Really, this is very detrimental to those who are deceived.

Just always be careful and do not check or click any link that could be malware or will lead you to a phishing site. Once you have visited a fake site it will be remembered, and then the next time you visit the site which you are looking for you will be redirected to the fake site, because you have already visited it and your device does remember the site. Being careful is one big thing that could save your funds, especially bitcoins, which most hackers and phishers want to obtain.
lovesmayfamilis
January 09, 2021, 11:03:43 AM
 #11


Quote
Just always be careful and do not check or click any link that could be malware or will lead you to a phishing site. Once you have visited a fake site it will be remembered, and then the next time you visit the site which you are looking for you will be redirected to the fake site, because you have already visited it and your device does remember the site. Being careful is one big thing that could save your funds, especially bitcoins, which most hackers and phishers want to obtain.

It's good when there are people who warn inexperienced newbies with advice not to click on malicious links or download all kinds of software. But there is the issue that beginners cannot determine what is needed and what is not.
Welsh, everything was painted perfectly. And I also prefer Qubes OS, but sometimes it is possible to use regular sandbox programs. With their help, you can create an isolated space that will be protected from all sorts of malicious programs.
https://www.sandboxie.com/
