Bitcoin 800x450

The ElectroRAT cryptocurrency-stealing malware was written from scratch and was likely installed by thousands of Linux, Windows and MacOS users over the past year.


Soaring cryptocurrency valuations have broken record after record over the past few years, turning people with once-modest holdings into overnight millionaires. One determined ring of criminals has tried to join the party using a wide-ranging operation that for the past 12 months has used a full-fledged marketing campaign to push custom-made malware written from scratch for Windows, macOS, and Linux devices.

The operation, which has been active since at least January 2020, has spared no effort in stealing the wallet addresses of unwitting cryptocurrency holders, according to a report published by security firm Intezer. The scheme includes three separate trojanized apps, each of which runs on Windows, macOS, and Linux. It also relies on a network of fake companies, websites, and social media profiles to win the confidence of potential victims.