For what was probably almost exactly a year, the operators of a malware campaign stole from thousands of cryptocurrency users. They disguised their malicious code inside applications that appeared useful.
According to a report by the security company Intezer Labs, which became aware of the campaign in December and analysed it, three applications are involved: Jamm, eTrade/Kintum and DaoPoker. The first two present themselves as convenient front ends to cryptocurrency trading platforms, while the third lets users play poker for cryptocurrency.
The applications are available for Windows, macOS and Linux. Bundled inside is a piece of malware that the researchers call ElectroRAT. It acts as a keylogger, takes screenshots, uploads files from the victim's machine and can be extended with further modules delivered through its command-and-control infrastructure. All of this serves one purpose: getting at crypto wallets and the passwords that protect them.
Written in Go
Based on the communication between installed malware instances and the control server, the researchers estimate that around 6,500 users were affected by the information theft and have probably lost funds in the form of cryptocurrency. There is, however, no information about the amount of the damage.
Another notable property of ElectroRAT: the malware was written in the Go programming language, which is currently gaining popularity in the malware scene. Detecting Go malware is harder because analysts and their tooling have far less experience with it than with the long-established C and C++. On top of that, the same source can be compiled for different platforms without difficulty: setting the GOOS and GOARCH environment variables at build time is all it takes to produce a Windows, macOS or Linux executable from one code base.
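The cross-platform point above has a defensive flip side: whatever the target OS, the Go toolchain leaves recognisable markers in every binary it produces, so a triage script can at least tell "this sample is Go" and often recover the exact toolchain version without running it. The following is an added example written for this article, not code from Intezer Labs or from the ElectroRAT samples. The two marker strings (the `\xff Go buildinf:` header of the runtime buildinfo blob and the linker's `Go build ID: "` note) and the inline-layout rules (flag bit 0x2, 32-byte header, uvarint-prefixed strings, 16-byte sentinels around the module info) are the real Go formats; the sample image, the Go version string and the module listing it contains are constructed for the test and say nothing about ElectroRAT's actual build.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"os"
)

// Markers the Go toolchain leaves in every binary it produces, regardless of
// whether the container is ELF (Linux), PE (Windows) or Mach-O (macOS).
var (
	buildInfoMagic = []byte("\xff Go buildinf:") // start of the runtime buildinfo blob (Go 1.13+)
	buildIDMarker  = []byte("Go build ID: \"")   // build-ID note written by the Go linker
)

const (
	buildInfoHeaderSize = 32  // magic (14) + ptrSize (1) + flags (1) + padding
	flagVersionInline   = 0x2 // Go 1.18+: version and module info stored inline after the header
)

// GoBuildInfo is what static triage can recover from a sample without executing it.
type GoBuildInfo struct {
	IsGo      bool
	GoVersion string // empty when only the older pointer-based layout is present
	ModInfo   string // "path\t...\nmod\t...\ndep\t..." listing, empty if unavailable
}

// readVarintString decodes a uvarint-length-prefixed string as used by the
// inline buildinfo layout and returns the remaining bytes.
func readVarintString(data []byte) (string, []byte, bool) {
	n, size := binary.Uvarint(data)
	if size <= 0 || uint64(len(data)-size) < n {
		return "", data, false
	}
	return string(data[size : size+int(n)]), data[size+int(n):], true
}

// InspectGoBinary scans a raw file image for Go toolchain markers.
func InspectGoBinary(image []byte) GoBuildInfo {
	var info GoBuildInfo
	if bytes.Contains(image, buildIDMarker) {
		info.IsGo = true
	}
	idx := bytes.Index(image, buildInfoMagic)
	if idx < 0 || len(image)-idx < buildInfoHeaderSize {
		return info
	}
	info.IsGo = true
	hdr := image[idx:]
	if hdr[15]&flagVersionInline == 0 {
		// Pre-1.18 layout: offsets 16 and 16+ptrSize hold pointers into the data
		// segment. Resolving them needs the executable's section map, so stop here.
		return info
	}
	vers, rest, ok := readVarintString(hdr[buildInfoHeaderSize:])
	if !ok {
		return info
	}
	info.GoVersion = vers
	if mod, _, ok := readVarintString(rest); ok {
		// Real binaries wrap the module info in a 16-byte sentinel on each side.
		if len(mod) >= 33 && mod[len(mod)-17] == '\n' {
			mod = mod[16 : len(mod)-16]
		}
		info.ModInfo = mod
	}
	return info
}

// appendVarintString builds the inline layout's length-prefixed string.
func appendVarintString(b []byte, s string) []byte {
	var tmp [binary.MaxVarintLen64]byte
	n := binary.PutUvarint(tmp[:], uint64(len(s)))
	return append(append(b, tmp[:n]...), s...)
}

// SampleImage is a constructed stand-in for a file read from disk: junk bytes
// around a buildinfo blob in the inline layout. Version and module path are
// invented for the example.
func SampleImage() []byte {
	img := []byte("MZ\x90\x00 unrelated header and code bytes ")
	img = append(img, buildInfoMagic...)
	img = append(img, 8, flagVersionInline)                // 64-bit pointers, inline strings
	img = append(img, make([]byte, buildInfoHeaderSize-16)...) // header padding
	img = appendVarintString(img, "go1.15.6")
	img = appendVarintString(img, "path\texample.com/sample\nmod\texample.com/sample\t(devel)\t\n")
	return append(img, []byte(" trailing section data ")...)
}

func main() {
	for _, path := range os.Args[1:] {
		data, err := os.ReadFile(path)
		if err != nil {
			fmt.Fprintln(os.Stderr, path, err)
			continue
		}
		info := InspectGoBinary(data)
		fmt.Printf("%s: go=%v version=%q\n%s\n", path, info.IsGo, info.GoVersion, info.ModInfo)
	}
}
```

Run it over a directory of collected installers (`go run . /samples/*`) to sort Go-compiled binaries from the rest before deeper analysis; the recovered module path and dependency list are also useful pivots for clustering samples from the same developer. Packed or encrypted samples will defeat the byte scan until they are unpacked.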