ElectroRAT Steals Crypto from Windows 10 Users

With the price of Bitcoin higher than ever before, it is no surprise that a new spate of cryptocurrency-stealing malware variants is hitting the news.

Researchers at Intezer have uncovered a previously unknown remote access tool (RAT) that is currently targeting Windows 10 users. The malware has also targeted macOS and Linux users. The Intezer team has named the crypto-stealing malware ElectroRAT and believes there are at least 6,500 victims.

The research team believes the campaign has been active since January 2020, meaning it has been in operation for around 12 months without detection.

ElectroRAT's operators use posts on social media networks and cryptocurrency forums to lure cryptocurrency users into downloading a trojanized application. The trojanized apps look and function like the popular cryptocurrency trading apps Jamm and eTrade. There is also a trojanized version of the cryptocurrency poker app DaoPoker.

Once installed, ElectroRAT attempts to locate the private keys for any cryptocurrency wallets found on the victim’s system. Once the private keys for a cryptocurrency wallet are stolen, the attacker can access the victim’s wallet as if it were their own.

The Intezer blog and analysis also comment on how rare it is to see a remote access tool built from the ground up for a specific purpose, rather than adapted from existing code. ElectroRAT was written in Golang, a language that appears in more and more malware.

Cryptocurrency Stealing Malware on the Rise

With the price of Bitcoin repeatedly breaking through its all-time high towards the end of 2020 and in early 2021, cryptocurrency-stealing incidents are likewise on the rise.

Although Bitcoin’s meteoric rise hasn’t captured the public’s imagination as it did in 2017 (when it first hit the $20,000 per coin mark), many people are moving a portion of their investments into the gold standard of cryptocurrencies.

With that in mind, it is more important than ever to take extra steps in protecting your cryptocurrency wallets. Keep your machines up to date, don’t download any unusual apps from untrusted sources, and most of all, keep your cryptocurrency wallet private keys stored offline.