Crypto-Hijacking Campaign Leverages New Golang RAT
An emerging operation leverages a new Remote Access Tool (RAT) designed to steal crypto-currency from users. The RAT, named ElectroRAT by Intezer, has been active since January 2020 as part of a full marketing campaign complete with applications, social media accounts and websites. It is written in Golang and is designed to target Windows, Linux, and macOS.
The Trojanized applications were promoted on crypto-currency and blockchain forums, as well as on social media, to lure users into using the compromised tools. Three apps were built: “Jamm”, “eTrade”, and “DaoPoker”. The RAT runs in the background of these applications and can log keystrokes, upload and download files, and carry out commands. It was written from scratch and is used to steal personal information from users without their knowledge.