Attackers have been built an elaborate scheme to disperse a crypto-currency trading program that installs a backdoor on a victim’s Windows PC or Mac. This has been discovered by a security researcher MalwareHunterTeam, where an attacker has created a fake company offering a free crypto-currency trading platform called JMT Trader. And it infects the victim with a backdoor Trojan when this program is being installed.
How the Crypto Trading Malware Scheme being Created
This scheme starts with a professionally designed web site where the attackers encourage the JMT Trader program, they also has been created a Twitter account that is used to promote the falsified company. According to the source, this account is fairly dormant with its latest tweet from the month of June.
If one attempt to download the program, he/she will be brought to a GitHub repository where the Windows and Mac executable for the JMT Trader application. When a user installs the Windows or mac version, a program called JMT Trader will be installed that can be used to trade crypto-currency at a variety of different exchanges. That is because this application and the above GitHub page is actually a clone of the legitimate QT Bitcoin Trader program that has been adopted for this malware operation.
When the JMT Trader is installed, the installer will also extract a secondary program known as CrashReporter.exe and save it to the JMTTrader folder. And this malware component acts as a backdoor. A scheduled task called JMTCrashReporter will be built that launches CrashReporter.exe every time a user logs into the system.
“When the CrashReporter.exe executable is launched, it will connect to a Command and Control server to receive commands which will then be executed by the backdoor,” according to reverse engineer and researcher Vitali Kremez.
How to Prevent From this Crypto Trading Scheme to Install
However, it is still not yet known whether the malware drops any other payloads or simply used as a backdoor to steal crypto currency wallets.
If any user installed this application, whether on a Mac or Windows, they should check their computer thoroughly for malware. And Victims should then change the passwords at any exchanges they have accounts.
