
Trojan Hits Australia’s Android Crypto Wallets

New malware is spreading across Europe and Australia – a virus targeting Android devices to harvest login credentials for online banking apps and crypto wallets in an automated way.

Vultur Wings Its Way to Australia

Vultur, a Remote Access Trojan (RAT) that was being tested in Italy and Spain, is now rapidly spreading across Australia. The virus has been installed over 5000 times via the Google Play Store, disguised as an app called “Protection Guard”, so the number of victims should be the same.


A RAT is malware that is smuggled onto a device to control it remotely, here relying on Virtual Network Computing (VNC). Through VNC, hackers try to obtain personal information to carry out online fraud on a massive scale.

For the first time we are seeing an Android banking trojan that has screen recording and keylogging as the main strategy to harvest login credentials in an automated and scalable way.

ThreatFabric researchers

Detecting Vultur

Apart from checking whether you have recently downloaded an app named “Protection Guard”, ThreatFabric suggested there is another way to detect the RAT:

You can also detect Vultur because when it’s transmitting data to its command-and-control server, the active “casting” icon will show up in the Android notifications. If you’re not casting something and the icon shows up anyway, that’s reason to worry.

ThreatFabric

To reduce the risk posed by RATs such as Vultur, Android users are advised to ensure that they have a reputable antivirus app running in the background to detect any potential threats when new apps are downloaded.

Buy a Hardware Wallet

The attackers are targeting major crypto exchanges and mobile wallets including Kraken, Coinbase, Binance, CEX, eToro and more. While Android devices are the main target, users believe the virus may soon reach iOS.

Crypto users are warning others on social media, recommending they do not store their funds on exchanges and, if possible, get a hardware wallet and save most of their funds on it.

Scams, Hacks and Glitches on the Rise

As hacks and crypto scams become more common, newcomers should be wary when choosing their wallets. Rather than leave their funds in a crypto exchange, they should store them in a hardware wallet.

Roll, for instance, was a decentralised finance protocol attacked in March by a group of hackers that drained its wallet of over US$5.7 million. To this day, developers still don’t know how the platform got hacked.

As always, you can keep up to date with the many and varied scams out there by consulting Crypto News’ comprehensive guide.


ElectroRAT: New Malware Targets Crypto Users on Windows, Linux, and Mac Devices

Over the past year, the cryptocurrency industry has seen massive growth in adoption, development, and awareness. This, in turn, has drawn the attention of malicious actors, who are targeting cryptocurrency users with many fake and trojanized applications.

In a recent report, cybersecurity researchers at Intezer described malware called ElectroRAT, which has been developed to steal cryptocurrencies from users of popular operating systems.

ElectroRAT targets multiple operating systems

According to the cybersecurity researchers, the malware is estimated to have been active since January 2020, although they only learned about it in December.

Over that time, the aim of this wide-ranging malicious operation has been to steal cryptocurrency private keys from affected users. “This extensive operation is composed of a full-fledged marketing campaign, custom cryptocurrency-related applications, and a new Remote Access Tool (RAT) written from scratch,” they wrote.

ElectroRAT is designed to run with three different malicious applications across several operating systems, namely Windows, Linux, and Mac.

For this reason, the malware is able to target cryptocurrency users on these popular operating systems. However, crypto users can only be affected if they download the malicious applications, which the attackers promote as a very successful trading instrument or a medium for processing several crypto transactions from a single interface.

Thousands Already Affected by ElectroRAT

The researchers estimated in the report that thousands of cryptocurrency users have been infected with the ElectroRAT malware. This is “based on the number of unique visitors to the pastebin pages used to locate the command and control servers.”

One safety rule for keeping crypto is not to download any unknown crypto-related application pitched on any platform without thorough research. As reported, these trojanized applications were promoted on social media platforms and online forums. Secondly, it’s also advisable not to store your private keys online.