The security company Intezer Labs said it has discovered a covert malware campaign. According to the researchers, the criminals behind the campaign created fake cryptocurrency applications to deceive users and get them to install a new piece of malware (ElectroRAT) on their systems. The goal is to steal money.
The campaign was discovered in December.
Intezer Labs said that the hackers created three fake cryptocurrency applications, called Jamm, eTrade / Kintum and DaoPoker, which are hosted on dedicated websites (jamm[.]to, kintum[.]io and daopker[.]com, respectively).
The first two applications claim to provide a simple platform for cryptocurrency exchange, while the third is a cryptocurrency poker app.
All three applications are available in versions for Windows, Mac and Linux and were built on Electron, an app-building framework.
"ElectroRAT is extremely penetrating," the researchers said. "It has various features such as keylogging, taking screenshots, uploading files from disk, downloading files and executing commands on the victim's console."
Intezer believes that the malware is being used to collect cryptocurrency wallet keys so that the hackers can empty the victims' accounts.
The criminals tried to find victims by advertising the three fake cryptocurrency applications and their sites on specialized cryptocurrency forums and social media.
Cryptocurrency users who have lost money and have not discovered the source of the breach should check whether they have downloaded and installed any of the three applications above.
Finally, Intezer Labs pointed out that ElectroRAT is written in Go, a programming language that has become quite popular among malware creators in the last year.