Attackers have created a crypto trading scheme that installs a backdoor on targeted systems.
MalwareHunterTeam is a security research team that has observed that a fake company has been set-up by the attackers. This company offers a free cryptocurrency trading platform called JMT Trader. The scheme is presented in an authentic-looking and professionally designed website that promotes the JMT Trader program. Upon attempting to download the software, the user is directed to a GitHub repository containing Windows and MAC executable files for JMT Trader. The source code has no hint of being malicious and looks completely secure.
The GitHub page and JMT trader application are mere clones of Qt Bitcoin Trader program. These clones are used to spread a malware campaign. The JMT installer installs a program called CrashReporter.exe which acts like the backdoor. The CrashReporter.exe is the malware component and launches on every user login. The CrashReporter.exe upon launching connects back to the CNC server “beastgoc.com” to receive commands which are then executed by the backdoor.
If you have installed JMT Trader then you must delete the CrashReporter.exe. You must also change the passwords of all the accounts that share the same password. Researchers have a suspicion that the attacks are conducted by Lazarus which is an APT group of North Korea. The attack scheme has a very similar pattern as that of previously known AppleJeus malware.
As most of us are aware that investing and trading in cryptocurrency is an opportunity of being a bigshot these days. However, it carries a threat of being hacked or attacked and can lead to a huge loss. NPAV suggests you to use authentic and secure applications and websites for investing and trading.
Use NPAV and stay protected from all cyber attacks.