Security firm Intezer Labs discovered malware that ran undetected for more than a year, using fake apps and emptying the wallets of thousands of users, indiscriminately infecting Windows, macOS and Linux operating systems.
The remote access trojan (RAT) was named ElectroRAT, and it used multiple attack pathways to capture and collect private keys and login information. This is a sophisticated tool, hidden in three distinct versions and using apps to infect its targets; companies were created specifically for this hack, including websites built for the purpose of supporting the hacking campaign.
The three applications are called JAMM and eTrade (disguised as cryptocurrency trade management applications) and DaoPoker. They used every possible marketing tool to promote their activity: you name it, they used it (we are talking about Facebook, Twitter, Discord, the Bitcointalk forum and even lesser-known channels such as Steem or the PeakD forum on the Hive ecosystem).
Here are some of the websites used to promote the whole con act.
This is the eTrade promotional website.
This is JAMM.
And this is DAOPoker.
Keep in mind that this project looks like a legit one, with websites of higher quality than many successful projects in the cryptosphere (Yes, I mean Harvest.Finance, but they have been trying to improve it lately, and now it is part of their charm). They first started their activity on January 9, 2020; I could not find anything before that. They got promotions, marketing campaigns and so on, which is quite scary if you think about it. One of the most affected wallets is Metamask, and we know quite a few well-known CEOs with a hacked Metamask (Nexus CEO Hugh Karp being the latest).
The whole trojan is masterfully written in Golang, from scratch, but has some similarities with stealers sold on the dark web, like KPOT and Amadey. The difference is that KPOT is written in C++ and Amadey in Visual Basic Script, while ElectroRAT has low or no detection by most antiviruses, even now. It seems to be made by a Russian, but I may be mistaken.
Check the website pictures; if you had anything to do with these websites, you may want to take the necessary precautions to protect your wallets.
Disclaimer: This text is also re-published on my personal blogs, such as this one.