Researchers warn of malware that drains crypto wallets


Protect Your Access to the Internet

Security firm Intezer Labs is warning consumers using cryptocurrency wallet apps that a new malware strain is attacking and draining those wallets of crypto assets.

Intezer said it discovered a covert year-long malware development called Operation ElectroRAT, in which cybercriminals create fake cryptocurrency apps in order to trick users into installing a new strain of malware on what they believe is a new crypto wallet offering.

“The extensive operation is composed of a full-fledged marketing campaign, customer cryptocurrency-related applications and a new remote access tool (RAT) written from scratch,” researchers at Tel Aviv-based Intezer wrote.

“It is rather common to see various information stealers trying to collect private keys to access victims’ wallets,” the report noted. “However, it is rare to see tools written from scratch and used to target multiple operating systems for these purposes.”

The fake crypto wallets are touted in dedicated online forums and social media, where consumers are tricked into downloading trojanized applications.

Cryptocurrency users have to consider an operation like ElectroRAT as putting them “at extreme risk for attack by cybercriminals,” Chris Clements, vice president of solutions architecture at Cerberus Sentinel, said in a statement to media.

“This is a lot different than a stolen credit card, where you can usually dispute fraudulent transactions,” Clements added. “Once criminals have access to digital wallets to transfer funds out, there is very little recourse available. The money is just gone.”

Because the value of cryptocurrency has been on the rise, consumers can expect to see more and increasingly complex attempts to compromise users. It’s a scenario that calls for users “to be extremely cautious in installing any crypto related software on their computers and devices,” Clements said.

Scammers created three different versions of the malware, Intezer reported, each coming with a Windows, Linux and Mac version. It was common to see the applications promoted in cryptocurrency and blockchain-related forums such as bitcointalk and SteemCoinPan, the report stated.

Given the length of time the malware has been in play, it is surprising that so far…