I really hate rodents, but especially ones that eat your money. Malware ElectroRat is after crypto wallets, says a researcher at cybersecurity firm Intezer. The malware has been in operation over the past year, and as excitement over cryptocurrency continues to escalate, the number of potential victims could grow too.
“It’s unsurprising to see novel malware being published, especially during a bull market in which the value of cryptocurrency is shooting up and making such attacks more profitable,” said Jameson Lopp, chief technology officer (CTO) at crypto custody startup Casa.
What You Need to Know About ElectroRat
From domain registrations to trojanized applications to fake social media accounts, the malware operation clearly has some savvy attackers behind it. The attackers have been able to fly under the radar for almost a year due to their ‘app-building from scratch’ methods that target multiple operating systems. ElectroRat seeks to snag private keys that give access to crypto wallets. From eTrade to poker apps, ElectroRat is at work with fake social media and user profiles that actively target users with content that looks like a legit download, except that it’s actually malware. Cryptocurrency has opened up a lucrative world for hackers. Behind the fake companies, profiles, and innocent looking apps are hackers with hidden malware capabilities. This particular malware, ElectroRat, can take screenshots, key logs and much more with a special eye towards creating crypto victims.
Clearance Holder Beware
While Bitcoin remains a policy gray area for security clearance holders, it may seem like a lucrative venture. Guidance and policy are still developing, with FinCen recently weighing in on cryptocurrency and the National Defense Authorization Act for Fiscal Year 2021 also weighing in on money laundering issues that are rising with cryptocurrency.
While PayPal’s recent jump into the crypto world and additional federal ruling helps to legitimize cryptocurrency, it doesn’t change the fact that use of the currency or investing in it remains a bit questionable for clearance holders.
“I am concerned that PayPal’s move to allow cryptocurrency on their platform gives a veneer of stability to what is fundamentally still a very risky investment,” said Sean Bigley, security clearance attorney and partner at Bigley Ranish. “Cryptocurrency is the digital equivalent of junk bonds; an investor can make a lot of money, but he or she can also lose everything in the blink of an eye. Clearance holders looking to ‘cash in’ on a big windfall should be mindful of the risks and proceed as though they were gambling – by not investing more than they can comfortably lose.”
If It’s Too Good to Be True…
If you want to dabble in the world of cryptocurrency, know that hackers are watching for you, so don’t fall for their tactics. Better to miss out on a deal than fall prey to identity theft and lost crypto cash. And it should go without saying that you make sure that your crypto adventures are not on a government device.