Researchers at popular Bitcoin wallet app Electrum have exposed a malicious copycat that has been designed to steal seed keys. The dubious doppelganger called Electrum Pro appeared online in March and has been flagged as malware since.
Fake Bitcoin Wallet Swipes Seed Keys
According to reports the team behind the original wallet posted a document on Github explaining how to get rid of the impostor. It was obvious for a while that the duplicate wallet was malicious as it used the branding of the company without permission. In a further attempt to deceive users into downloading the malware cybercriminals registered the electrum.com domain to copy the original electrum.org.
Developers have exposed a line of code from the fake wallet that appears to take the user’s seed key and upload it to the spurious domain. The seed keys are cryptographic keys that owners use to access different wallets via the app. Once compromised, the hackers can use these keys to empty crypto wallets of unsuspecting users that downloaded the wrong app.
Electrum devs had previous issued warnings about the copycat;
“We previously warned users against ‘Electrum Pro’, but we did not have formal evidence at that time,”
They have already analyzed MacOS and Windows binaries and found a high likelihood of other binaries being malicious also.
Crypto Malware Mounting
Earlier this month is was revealed that a previously discovered Chrome extension that uses Facebook’s messenger service to inject malicious mining scripts had resurfaced in April. The FacexWorm hijacks CPU computing power to pilfer Monero in addition to spreading affiliate links for various crypto exchanges.
Other reports indicate that as many as 400 US government and business websites running the Drupal content management system could be infected with mining malware. Those infected were running an outdated version of the platform and included websites of the US National Labor Relations Board (NLRB), Chinese tech giant Lenovo, Taiwanese network hardware manufacturer D-Link, and the University of California (UCLA).
According to the report government administered websites in the Mexico, Turkey, Peru, South Africa, and Italy have also been affected with the mining malware. As with the majority of these types of infections, Coinhive is once again the culprit. As crypto becomes a part of more people’s lives malware designed to steal it by mining or otherwise will be on the rise.
Image from Shutterstock