forestnsa.blogg.se

Hc stealer keylogger

A new remote access tool (RAT) has been discovered being used in an extensive campaign. The attack has targeted cryptocurrency users in an attempt to collect their private keys and ultimately to drain their wallets.

The never-before-seen RAT at the center of the campaign, which researchers dub ElectroRAT, is written in the Go programming language and is compiled to target a number of different operating systems, including Windows, Linux and MacOS. The campaign was discovered in December 2020 – but researchers believe it initially began a year ago, and estimate that at least 6,500 victims have been infected, based on the number of unique visitors to the Pastebin pages used to locate command and control (C2) servers.

“ElectroRAT is extremely intrusive,” according to Intezer researchers in a Tuesday morning analysis. “It has various capabilities such as keylogging, taking screenshots, uploading files from disk, downloading files and executing commands on the victim’s console. The malware has similar capabilities for its Windows, Linux and MacOS variants.”

The Attack

The attacker behind the campaign first lured cryptocurrency users to download trojanized applications. These applications, which were promoted on cryptocurrency and blockchain-related forums such as bitcointalk and SteemCoinPan, relate directly to cryptocurrency. For instance, they purport to be “Jamm” and “eTrade,” which are cryptocurrency trade management applications, and “DaoPoker,” a cryptocurrency poker app.

Then, the RAT targets victims’ private crypto keys. A private key allows a user to access his or her cryptocurrency wallet; access to this would give attackers the ability to take hold of victim wallets, said researchers.

“We have evidence that it was used to steal crypto wallets, however it has the capability to gather any information from the victim’s machine,” said Mechtinger. She told Threatpost, researchers do not have information about how much money was stolen.

Upon closer inspection, researchers found that ElectroRAT contacts raw Pastebin pages to retrieve the C2 IP address. Upon viewing the Pastebin pages, researchers noted the first pages were posted on Jan. 8, 2020 – indicating the operation has been active for at least a year.














