The team behind the popular bitcoin wallet Electrum has exposed a look-alike app dubbed “Electrum Pro” that is hijacking users’ seed keys in order to loot their digital assets. The developers are calling the malicious app “bitcoin-stealing malware.”
The wallet’s developers reiterated on Twitter that they have evidence of the ongoing theft. The company tweeted:
— Electrum (@ElectrumWallet) May 9, 2018
The wallet’s developers provided a detailed explanation on GitHub of how the copycat wallet steals users’ seed keys. Seed keys are the cryptographic secrets that give access to a digital wallet. If a user lands on the counterfeit platform and uses it to operate their bitcoin address, the malware in the scam product stores the user’s seed so the attackers can later empty the wallet.
Electrum was launched in 2011 and lives on the dot-org domain. To pass as the genuine platform and deceive users, the counterfeit product uses the dot-com domain. Moreover, when a user searches Google for “Electrum”, the copycat website ranks in the top five results. To make matters worse, sponsored Google ads push the fake app above all other results.
In April, Electrum first cautioned users about the fake bitcoin wallet service in a tweet. At the time, they noted:
Electrum's website is https://t.co/aHiZIZH54e. We do not own electrum dot com, and "Electrum Pro" is very likely bitcoin stealing malware. Please use https://t.co/Rne1yx5acw for a list of Bitcoin wallet websites.
— Electrum (@ElectrumWallet) April 5, 2018
Since then the company has been urging users to be wary of the fake app. In a bid to deceive unsuspecting users, the fake app not only uses the brand identity of the original but goes further by claiming to be a fork of Electrum.
According to Electrum devs, the malware on the copycat app only affects Windows and OS X, while the Linux version is harmless.
The explanation document highlighted this reality:
“Note that this post was looking at only one of the Windows binaries distributed by ‘electrum dot com,’ but it is safe to assume that the other Windows binaries are malicious as well. We also checked the Mac .dmg file, and it contained the same modifications. The Linux package seemed harmless, presumably because the scammers did not want to have these changes in plain sight.”
To avoid the problem, the company urges users to verify the GPG signatures of a download before using any wallet binary. Earlier this year, Electrum released a patch for a critical bug in its bitcoin wallets. The long-standing vulnerability allowed all websites that hosted the Electrum wallet to steal users’ digital assets.
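The signature check Electrum recommends, as an added example that is not part of the original article or of Electrum’s own release tooling. It assumes `gpg` (GnuPG 2.1 or later) is installed, and uses a throwaway signing key generated on the spot in place of a developer’s real release key; the “installer” and its detached signature are constructed locally so the script runs offline. It shows the genuine file passing and a modified copy of the same file, served with the original signature, being rejected.

```shell
#!/bin/sh
# Added example (not Electrum's code): verify a downloaded wallet binary
# against a detached OpenPGP signature with gpg, and show that a tampered
# copy fails the check. Everything here is constructed locally; a throwaway
# key stands in for the developer's real release key.
set -eu

# verify_release FILE SIGNATURE KEYRING_DIR
# Returns 0 only if SIGNATURE is a good signature over FILE made by a key
# present in KEYRING_DIR (a dedicated GNUPGHOME, so it is explicit which
# keys the check trusts).
verify_release() {
    file=$1; sig=$2; home=$3
    GNUPGHOME="$home" gpg --batch --quiet --verify "$sig" "$file" 2>/dev/null
}

# demo_verify builds the constructed scenario, prints the outcome of both
# checks and returns 0 when the genuine file passes and the tampered one fails.
demo_verify() {
    work=$(mktemp -d)
    home="$work/gnupg"
    mkdir -m 700 "$home"

    # Constructed "release key". In practice you import the developer's
    # published public key once, from an out-of-band source, never from the
    # download site you are trying to verify.
    GNUPGHOME="$home" gpg --batch --quiet --pinentry-mode loopback \
        --passphrase '' \
        --quick-generate-key 'Example Release Key <release@example.invalid>' \
        default default never 2>/dev/null

    # Constructed "installer" and its detached ASCII-armoured signature.
    printf 'fake wallet installer bytes\n' > "$work/wallet.bin"
    GNUPGHOME="$home" gpg --batch --quiet --pinentry-mode loopback \
        --armor --detach-sign \
        --output "$work/wallet.bin.asc" "$work/wallet.bin" 2>/dev/null

    # 1. The untouched download verifies.
    genuine=fail
    verify_release "$work/wallet.bin" "$work/wallet.bin.asc" "$home" && genuine=ok

    # 2. A look-alike site serving a modified binary with the original
    #    signature: one changed byte is enough for gpg to reject it.
    printf 'one extra byte' >> "$work/wallet.bin"
    tampered=rejected
    verify_release "$work/wallet.bin" "$work/wallet.bin.asc" "$home" && tampered=accepted

    rm -rf "$work"
    echo "genuine=$genuine tampered=$tampered"
    [ "$genuine" = ok ] && [ "$tampered" = rejected ]
}
```

Run `demo_verify` to see both outcomes; for a real download, call `verify_release` with the binary, its `.asc` file and a GNUPGHOME that holds only the developer’s key you have already confirmed through another channel. A “good signature” from a key you have not verified proves nothing, since anyone, including the operator of a copycat site, can sign a file with a key they made themselves.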
Last year, users of the crypto exchange Poloniex suffered a similar problem when two counterfeit apps on the Google Play Store masqueraded as the official app, stealing users’ login credentials. Bitcoin’s value draws bad actors to find new methods of swindling digital assets from cryptoverse denizens.
How can the crypto community combat bad actors in the ecosystem? Share your views in the comments section.
Images via Brickblock, The Mary Sue