ElectroRAT: the malware that is emptying crypto wallets

By Roberto D. | CryptoFarm | 12 Jan 2021

Intezer security researchers have discovered a new remote access trojan (RAT) that aims to empty the cryptocurrency wallets of Windows, Linux and macOS users. ElectroRAT, as the new threat is called, was only discovered in December, but it has been active since the beginning of 2020.

ElectroRAT was developed in the Go programming language, which is becoming popular with malware authors for several reasons: analysis is more complicated than for malware written in C, C++ or C#, and binaries for different platforms can be compiled easily, allowing the malware to reach more users.

(For those who are not "insiders": it is written in a language different from those most commonly used, because Go gives it more chances to attack a larger number of users while at the same time making it harder to identify.)

The attackers who developed ElectroRAT embedded it in Electron applications (Electron is a framework for developing apps) built specifically to look like genuine tools for managing cryptocurrency portfolios, and more. The "fake" apps were called Jamm, eTrade/Kintum and DaoPoker, and were hosted on websites at the addresses jamm.to, kintum.io and daopker.com.

The first two apps were intended as simple platforms for exchanging cryptocurrencies, while the third was a poker application. The researchers reconstructed that, to spread the apps, the bad guys posted ads on niche forums related to cryptocurrencies (bitcointalk and SteemCoinPan) and used two social networks (Twitter and Telegram).

The malicious apps show the user an interface designed to distract attention from ElectroRAT running in the background. The apps were downloaded thousands of times between January and December 2020; in short, it's serious.


"ElectroRAT's trojan app and binaries are either under-detected or completely unnoticed in VirusTotal at the time of this writing," said Intezer researchers. However, the goal of emptying cryptocurrency wallets is not the only one, as ElectroRAT also functions as a "keylogger, captures screenshots, loads files from disk, downloads files and executes commands on the console of the victim".

What to do to protect yourself?

As Intezer stated:

"It is very rare to see a RAT written from scratch and used to steal personal information of cryptocurrency users ... It is even rarer to see such a large and targeted campaign that includes various components, such as fake apps and websites and marketing initiatives/promotion through relevant forums and social media."

In case of infection, it is necessary to immediately terminate the processes of the app in question and remove all of its files from the system. Also, if the cryptocurrency wallets have not already been emptied, it would be wise to transfer the funds to a new wallet and change all system passwords as soon as possible.
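A simple triage check to complement those steps, added here as an example (it is not from the original article or from Intezer): sweep DNS resolver logs for lookups of the three domains the article names, so you can tell which machines resolved them and need the remediation above. The log format ("timestamp client queried-name") and the sample lines are constructed for the example.

```python
import re
from typing import List, Set, Tuple

# Domains the article names as hosting the trojanised apps.
SUSPECT_DOMAINS = ("jamm.to", "kintum.io", "daopker.com")

# Constructed sample of DNS resolver log lines in a hypothetical
# "<timestamp> <client IP> <queried name>" format; not real traffic.
# Two lines deliberately look similar to the suspect domains but are not.
SAMPLE_DNS_LOG = """\
2020-11-03T09:14:02 10.0.0.12 updates.example.org
2020-11-03T09:14:07 10.0.0.12 kintum.io
2020-11-03T09:15:40 10.0.0.31 cdn.daopker.com
2020-11-03T09:16:01 10.0.0.12 jamm.to.example.net
2020-11-03T09:16:55 10.0.0.45 notkintum.io
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def is_suspect(name: str) -> bool:
    """True if name is a suspect domain or a subdomain of one.

    Matching on the label boundary avoids false positives such as
    'notkintum.io' or 'jamm.to.example.net'.
    """
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in SUSPECT_DOMAINS)


def find_suspect_queries(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (timestamp, client, name) for every query to a suspect domain."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the sweep
        ts, client, name = m.groups()
        if is_suspect(name):
            hits.append((ts, client, name))
    return hits


def clients_to_triage(log_text: str) -> Set[str]:
    """Distinct client IPs that resolved any suspect domain."""
    return {client for _, client, _ in find_suspect_queries(log_text)}
```

Run against the sample, it flags the two genuine lookups and reports 10.0.0.12 and 10.0.0.31 as the hosts to check.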

I'll leave you with Intezer's article (just click HERE) if you want more details about it. I sincerely hope that none of you have been scammed in this way.

As always, thank you for making it this far, and see you next time!


Roberto D.

Born, and still living, in Italy. Passionate about cryptocurrencies since I discovered ethereum in 2016 https://linktr.ee/robertod
