Using Pastebin unique visitor counts for tracking, over 6,500 victims are estimated to be affected after detection of this malware in December. These numbers may be off and definatly will grow in the coming days.
“Cybersecurity researchers today revealed a wide-ranging scam targeting cryptocurrency users that began as early as January last year to distribute trojanized applications to install a previously undetected remote access tool on target systems.” The Hacker News reports
“ElectroRAT is the latest example of attackers using Golang to develop multi-platform malware and evade most antivirus engines,” the researchers said.
“Jamm“,”eTrade,”,”DaoPoker” are the applications at the heart of this threat. These apps gain access to your information by masquerading as cryptocurrency poker platforms. The proliferation of these malicious applications are not silo’d to social media such as twitter or whatsapp, but they have been found on trusted sites such as Bitcointalk and SteemCoinPan.
Once installed the app runs hidden as “mdworker” with full functionality to capture keystrokes, screen caps, upload/download files leaving the host system vulnerable to whatever order is given on the C2 server. The biggest concern to researchers is the choice to use golang as the base language basically allowing for the malicious nature of these applications to go undetected by traditional malware defense systems.
“It is common to see various information stealers trying to collect private keys to access victims wallets. However, it is rare to see tools written from scratch and targeting multiple operating systems for these purposes.” — The Hacker News