This “ElectroRAT” malware might be silently draining your Bitcoin



A piece of malware has affected users of over three apps in the past year and drained their wallets of hundreds of Bitcoin.


A new piece of malware identified by researchers, which mimics a crypto trading program, is said to have affected thousands of users in the past year, according to a report in a security publication.

Called “ElectroRAT,” as it infects Electron applications, the malware is a remote access trojan (RAT) that was discovered in December 2020 and targets Windows, Linux, and macOS users.

Upon infection, the malware overrides application functions and makes them function as either crypto trading apps (on Jamm and eTrade) or a crypto poker app (DaoPoker). When an unsuspecting user opens any of these, a fake interface pops up while ElectroRAT works in the background.

Its operation is as follows: the malware infects a victim's computer, engages in keylogging, takes screenshots, uploads files from the victim’s disk, downloads other critical files, and executes commands on the victim’s console. It is then able to access and transfer any stored crypto that it finds.

To further trap victims, such “trojanized” apps, the report said, were promoted on various social media outlets, like Twitter, and other messaging apps or forums popular among crypto users, such as bitcointalk and Telegram.


Intezer, the security firm that first found the malware, noted in its official report that the three apps were seemingly downloaded by victims between January and December 2020. In addition, one of the Pastebin pages used by ElectroRAT to access the command-and-control (C2) server (a server that helps a fraudster control a botnet and sends malicious commands to its members) was accessed over 6,500 times during the period.

The firm said:

“The trojanized application and the ElectroRAT binaries are either low detected or completely undetected in VirusTotal.”

Intezer added that it was “even more rare” to see the type of “wide-ranging and targeted campaign” deployed by ElectroRAT hackers, one that included multiple facets like the creation of fake apps and websites, and marketing those out to lure additional victims.

Meanwhile, Intezer advises users of these apps (Jamm, eTrade, or DaoPoker) to remove all related files from their systems and use admin tools to “kill” their processes. Users whose cryptocurrencies haven’t been drained yet are advised by Intezer to immediately transfer all their cryptocurrencies to another wallet.
