Beware of DDoS Attacks Taking over Computers to Mine Cryptocurrency

Countless people have become fascinated with the current values of cryptocurrencies, like Bitcoin. With popularity comes security vulnerability and hackers looking to take advantage of unsuspecting victims.

Cybersecurity researchers recently revealed a brand new type of DDoS (distributed denial of service) attack aimed at targeting cryptocurrency users. The attacks began as early as January 2020, and work in large part by distributing compromised applications to install undetected remote access tools on victim’s computers.

DDoS and Cryptocurrency: What’s Happening?

To get a better understanding of the types of attacks that are occurring, first we must learn as much as possible about a process that is very important in the world of cryptocurrency: mining.

“Mining” means a computer spends time solving a highly sophisticated math problem and, once that task is finished, a set of cryptocurrency transactions gets added to the digital ledger known as the blockchain. Every time a computer solves this math problem, it gets rewarded by way of newly “minted” coins of whichever currency they’re working with. This, in a broad sense, is how cryptocurrency comes into circulation in the first place.

A DDoS attack, on the other hand, is where a target is overloaded with “invalid” traffic as quickly as possible – thus rendering a website or even a particular service unavailable for a period of time. Now these rogue actors have a new target: cryptocurrency and blockchain providers.

Operation ElectroRAT

The most recent tool used to execute these types of attacks is called ElectroRAT. It is written in Golang and was designed to allow an attacker to target multiple operating systems at the same time – including Microsoft Windows, macOS, and Linux.

“Operation ElectroRAT,” as the attack has been dubbed, involves the creation of three distinct malicious applications – each one targeting one of the operating systems mentioned above. Two of them were disguised as cryptocurrency trade management applications, while the third pretended to be a cryptocurrency poker platform.

After unsuspecting users were convinced to download and install the apps, they would run hidden in the background of a computer. The actual tool – called mdworker – not only captures keystrokes and takes screenshots but can also upload files from a user’s hard drive to the Internet, download files to their machines, and execute malicious commands received from a remote server.

These types of tools can be used to mine and create new cryptocurrency on unsuspecting machines, but could also compromise a user’s cryptocurrency wallet – thus stealing all the funds inside or locking out the user permanently. All this, and the software will flood websites and applications related to Bitcoin and other cryptocurrencies with DDoS attacks – something they’re not equipped to handle under normal circumstances.

If you Become a Victim

What’s scary about this is the unknown Golang malware at the heart of it all – which is a big part why this campaign was able to go undetected for over a year. Indeed, most antivirus software was unaware it existed, thus allowing rogue actors to do as much damage as possible without drawing attention to themselves.

Users who have fallen victim to “Operation ElectroRAT” are encouraged to not only stop the process on their machine, but delete all files related to the malware and move cryptocurrency funds to a new wallet. Change all passwords associated with the compromised accounts and computers to avoid this in the future.


WAMS, Inc.

The experts at WAMS, Inc. all have a background in the legal industry and understand the software and the demands that come along with it. That’s why all our clients receive a dedicated account manager and engineer with specific planning that works for your business needs. We didn’t break into the tech world to pinch pennies from clients. We go into every partnership to help their business scale gracefully. Your company growth is our company growth, always.