Fake Crypto Apps Stealing Users’ Bitcoin

Intezer Labs recently discovered malware in fake crypto apps that have infected thousands of users in the last year. The malware searches for crypto keys to steal users’ digital assets.

Thousands of users infected

Security firm Intezer Labs discovered and reported a new malware called ElectroRAT. First found in December, the malware could have been around since at least January 2020. It was spread via legitimate-looking crypto apps that infiltrated users’ systems and stole their information, which could have included crypto wallet keys.

The highly sophisticated campaign involved apps like eTrade (or Kintum), Jamm, and DaoPoker. The apps were available for Linux, Windows, and macOS devices. According to Intezer, the apps were “extremely intrusive” and could log keystrokes on users’ computers. They could also download, upload, and execute files and take screenshots without the user being aware.

Intezer also highlighted how these applications were promoted and distributed. The apps were advertised on Twitter and cryptocurrency forums. The firm suggests that at least 6,500 users were impacted by the new malware.

A new, custom made app

The fake software did not use pre-built, off-the-shelf malware code. Instead, it was made using the Go language on the app-building platform called Electron. The entire app was coded from scratch. Using Go could have helped the malicious actors quickly replicate the app for multiple platforms. Intezer Labs wrote, “Writing the malware from scratch has also allowed the campaign to fly under the radar for almost a year by evading all antivirus detections.”

ZDNet also commented on the app design and said that the complexity of Go made it difficult to detect and analyze the malware. Intezer has specified how to detect the processes if a user has any of these apps running on their system. It has also explained how to clean the system. The firm also suggests that users move their digital assets to a new wallet and change their passwords to protect them from harm.
