- ElectroRAT is a malware written from scratch, mainly targeting cryptocurrency holders
- Cybercriminals have created different apps and launched marketing campaigns to lure victims
- The malware operates on Windows, macOS and Linux
With cryptocurrency prices currently skyrocketing, investors should be wary of a new malware that could be draining their Bitcoin wallets without them knowing.
The malware, dubbed ElectroRAT because it is a remote access tool embedded in apps, has been used by cybercriminals over the past year, but it had previously gone undetected because of the level of sophistication surrounding it. It was created from scratch rather than being built on existing malware.
The malware operates not just on Windows but on macOS and Linux as well. Cybercriminals would set up websites and even fake social media accounts to lure victims into using the apps which, once installed, execute the malware's commands.
Once the malware is on the person's computer, it can take screenshots, log keystrokes and even upload folders.
The malware warning comes at a time when Bitcoin is witnessing a bull run, making such attacks more profitable. At the time of this writing, Bitcoin was worth $37,000 per BTC.
“Hackers want to get your cryptocurrency, and they are willing to go far with it – spend months of work to create fake companies, fake reputation and innocent-looking applications that hide malware to steal your coins,” Avigayil Mechtinger, a researcher at cybersecurity firm Intezer, told Coindesk.
According to Jameson Lopp, chief technology officer at cryptocurrency firm Casa, most malware is created to target Windows users because of the platform's large user base, but other systems are also targeted. “In the case of Bitcoin, malware authors may reason that a lot of early adopters are more technical people who run Linux,” Lopp told Coindesk.
In a blog post, Intezer advises users who think they are victims of the scam to kill the malicious process and delete all files related to the malware. They should then change their passwords and move their cryptocurrency funds to a new wallet. Intezer’s products – Endpoint Scanner and Intezer Protect – can scan Windows and Linux environments respectively.
Lopp said the first line of defense is to use only reputable wallets and apps with a large install base. Private keys should always be kept in dedicated hardware wallets, he added.