Warning: New cross-platform malware is after your crypto keys!


Security firm Intezer Labs reported that it has discovered a new type of malware designed to steal people's private keys, giving the attackers access to their crypto wallets and funds.
The researchers discovered the malware last month, in December 2020, but the first signs of it date from January 2020.

Sophisticated attack

This attack is not just a piece of malware spread on the internet. The attackers prepared a complete campaign around it, and the malware was disguised as apps.
The first two apps, Jamm and eTrade, are crypto trade management applications. The third, DaoPoker, is a poker app. The apps were built from scratch and were downloadable from professional-looking websites.
The attackers created versions for Windows, Linux and Mac.


The attackers advertised their malware-infected applications on different platforms, including Hive.


They also created social media accounts to promote their apps:

The malware was able to evade antivirus software for a long time. Once the application was installed, the malware could perform tasks such as keylogging, taking screenshots, uploading and downloading files, and executing commands on the victim’s computer. The malware process was disguised as a process named mdworker.

What (not) to do

If you have downloaded one of the apps mentioned above, remove it immediately and change your keys.
In general, it's not a good idea to download and install all kinds of apps on the computer you use for your finances. This example shows that attackers nowadays invest a lot of time and money to make their malware-infected applications look legitimate, so be careful!


Intezer Labs
