While bitcoin (BTC) prices are on the rise, crypto-related scams appear on the scene to take advantage of the situation. In this case, a security company discovered three malicious crypto apps aimed at stealing users’ money.
Three fake crypto trading and poker apps are infected with dangerous malware
According to Intezer Labs, a year-long malware operation has been underway since January 2020, spreading faster with the help of an advanced marketing campaign.
According to the research, the threat actors rely on three cryptocurrency-related apps to distribute a Remote Access Tool (RAT) malware called ElectroRAT: Jamm and eTrade / Kintum (both fake crypto trading platforms), and DaoPoker (a fake crypto poker app).
Intezer Labs also found that these cyber criminals are developing versions of their software for Windows, Mac and Linux to increase trust in their products and target a greater number of victims around the world.
Investigators say “thousands of victims” have been affected by the ElectroRAT campaign, which includes domain registrations, websites, trojanized applications and fake social media accounts.
Some of these fake apps have been spotted in crypto-themed forums such as bitcointalk and Steemcoinpan, where fake profiles are used to promote the apps and ask people to download an application that is already infected by the malware.
An ‘unusual’ malware on the radar
After infection, the program clears victims’ crypto wallets. Intezer Labs provides more details about malicious apps containing ElectroRAT:
ElectroRAT is extremely pushy. It has various capabilities such as keylogging, taking screenshots, uploading files from disk, downloading files and executing commands on the victim’s console. The malware has similar capabilities for its Windows, Linux and macOS variants.
The research firm emphasizes that it is “very unusual” to see this type of malware stealing sensitive information from cryptocurrency users. Intezer Labs adds:
It’s even rarer to see such a broad and targeted campaign that includes various components such as fake apps and websites, and marketing / promotion efforts through relevant forums and social media.