Crypto Tech, Cryptocurrency, Hot News

R.A.T. Outbreak: Targeting Crypto Exchanges and Wallets

Cryptocurrency traders, blockchain, and crypto firms have been warned to prepare for an intensified outbreak of cybercrime-related attacks, with damaging new malware strains now circulating.

As per summary compiled by ThreatFabric, hackers have been deploying advanced new malware codes in an effort to deceive unsuspecting businesses and individuals. And although most of these have been programmed to target online banking platforms, they are usually just as capable when it comes to endangering crypto exchanges and wallets.

The firm has collected a list of Remote Access Trojans (RATs) that could pose a notable threat to mobile and remote transactions during the year ahead – the Year of the Rat, as received in many Asian horoscopes.

RATs allow hackers to carry out deceitful transactions straight from the victims’ infected devices and have seen a rise in the number of reported mobile malware-related incidents in recent years.

ThreatFabric says that some of the numerous popular banking trojans that could pose a threat to dare crypto exchanges and wallets this year include the following:


This piece of malware surfaced on the scene in June last year, bringing over from the rented banking trojan Anubis.

In its early days, Cerberus required ample capabilities to lessen the detection check for anti-fraud solutions, but last January, an enhanced version of the RAT made its appearance.

Some of its targets: ING Direct France, Google Play Store, Gmail, Lloyds Bank Mobile Banking, Microsoft Outlook, Wells Fargo Mobile, Yahoo Mail, Facebook, Instagram, PayPal, Snapchat, Twitter, Viber, Whatsapp, Telegram.


Perhaps the first Android platform banking trojan to rely on the mobile platform’s Accessibility Service, Gutstuff was first exposed in 2016. But its newest versions describe a notable improvement when matched with earlier codes. Its current version is injected with added functionalities such as keylogging, browser overlays and the first-ever Android financial trojan, Automated Transaction Systems (ATSs). The malware has largely been used to infiltrate banks based in Australia and Canada, but its users’ targets also spread to crypto wallets.

Some of its targets are Google Play, RBC Mobile, Coinbase, Skrill, Blockchain Wallet, BitPay, Electrum, Xapo, Abra, and Freewallet.


Originally programmed as an SMS hacking engine in 2019, Ginp has sustained a dynamic development, combining code from existing malware, and fusion the codes into a complete banking trojan. To steal credit card data and other credentials, this trojan uses overlay attacks through push notifications. It is now outfitted with a keylogging function that lets it take over several of the major functions of hijacked devices. What it still needs is the capability to remain undetected, but enhanced versions keep rolling out.

Some of its targets are CaixaBank, Santander, eBay, Play Store, Youtube, Skype, Instagram, and Facebook.


This malware sprang into life as a dropper service but also emphasises screencast capacities. Since February 2019, though been used as a fully-fledged banking trojan. While it does not yet have comprehensive RAT functionality, the malware’s well-coded modular structure means it is only a hair’s breadth away from shifting as effective as many other banking trojans. Until lately, Hydra users’ top targets were Turkish banks and selected crypto wallet apps, and its extent is beginning to increase.

Some of its targets are Binance, BtcTurk, Bitfinex, Coinbase, Netflix, Poloniex, Blockchain Wallet, and Yahoo mail.


This afore-mentioned banking trojan is not dead yet, notwithstanding the increase of Cerberus and the victorious conviction of its originator.

It continues a favorite choice for hackers involved in enhancing Android banking malware of their own.

New versions continue to emerge. And in January of 2019, a user on a Russian-language clandestine malware discussion stated that they were contributing a 2.5 version that highlighted full RAT functionality.

Leave a Comment

Leave a Reply