Security firm Intezer Labs is warning consumers using cryptocurrency wallet apps that a new malware strain is attacking and draining those wallets of crypto assets.
Intezer said it discovered a covert year-long malware development called Operation ElectroRAT, in which cybercriminals create fake cryptocurrency apps in order to trick users into installing a new strain of malware on what they believe is a new crypto wallet offering.
“The extensive operation is composed of a full-fledged marketing campaign, custom cryptocurrency-related applications and a new remote access tool (RAT) written from scratch,” researchers at Tel Aviv-based Intezer wrote.
“It is rather common to see various information stealers trying to collect private keys to access victims’ wallets,” the report noted. “However, it is rare to see tools written from scratch and used to target multiple operating systems for these purposes.”
The fake crypto wallets are touted in dedicated online forums and social media, where consumers are tricked into downloading trojanized applications.
Cryptocurrency users should regard an operation like ElectroRAT as putting them “at extreme risk for attack by cybercriminals,” Chris Clements, vice president of solutions architecture at Cerberus Sentinel, said in a statement to media.
“This is a lot different than a stolen credit card, where you can usually dispute fraudulent transactions,” Clements added. “Once criminals have access to digital wallets to transfer funds out, there is very little recourse available. The money is just gone.”
Because the value of cryptocurrency has been on the rise, consumers can expect to see more and increasingly complex attempts to compromise users. It’s a scenario that calls for users “to be extremely cautious in installing any crypto related software on their computers and devices,” Clements said.
Scammers created three different versions of the malware, Intezer reported, each coming with a Windows, Linux and Mac version. It was common to see the applications promoted in cryptocurrency and blockchain-related forums such as bitcointalk and SteemCoinPan, the report stated.
Given the length of time the malware has been in play, it is surprising that so far only 6,500 systems have reported infections, James McQuiggan, security awareness advocate at KnowBe4, said in a media statement.
“As white hats utilize more technology to block black hats and cybercriminals from accessing systems, cybercriminals evolve their tools and tactics by using new programming languages and multi-platform malware to steal currency, data and resources,” McQuiggan said.
Organizations need to make sure all new applications undergo a security vetting process to protect their digital supply chain, McQuiggan added. “Completing this before installing applications on systems or infrastructure will reduce the risk of unauthorized or illegal activity.”