
‘Bitcoin-stealing Malware’: BTC Wallet Electrum Exposes Malicious Copycat

Last Updated March 4, 2021 5:07 PM
Vignesh Selvasundar

Popular bitcoin wallet service Electrum has released evidence demonstrating that copycat client “Electrum Pro” is “bitcoin-stealing malware.”

First launched in 2011, Electrum has long been one of bitcoin's most popular wallet clients. Many users trust it for its track record, ease of use, and support for advanced features such as multisig wallets and compatibility with hardware wallets like Ledger and Trezor.

Recently, a wallet with a similar name, Electrum Pro, appeared at the domain electrum.com, clearly attempting to divert users from the official website at electrum.org.

The Electrum team now says Electrum Pro is malware built to steal bitcoin. To make matters worse, Electrum Pro appears above the legitimate Electrum in Google search results because it bought Google Ads placement, which will clearly trip up many users.

The Electrum team has published a detailed write-up on GitHub that anyone can follow to locate the rogue lines of code in Electrum Pro that read the wallet's recovery seed and send it to the attackers.

A recovery seed is a feature of most modern wallets: a randomly generated list of words from which the wallet's private keys are derived, so the wallet can be restored from the words alone if the device or key files are lost. Once the seed has been transmitted, the scammers can restore the user's wallet themselves and spend all of its funds.

This is not the first time a fraudulent Electrum wallet has appeared. Scammers have registered look-alike domains before, hosting infected builds of the software for users to download. It is, however, the first time scammers have controlled the electrum.com domain itself.

The website looks reasonably professional, and it is hard to identify as a fraud unless you have visited the real site before. It uses a slightly different logo and claims to be a fork of the legitimate Electrum wallet.

Electrum says the seed-stealing code is present only in the Windows and OS X builds of Electrum Pro. The Linux version is unaffected, probably because the scammers did not want the code sitting in plain sight.

To counter these problems, Electrum recommends that users verify the GPG signatures of downloads before they start using the wallet. In addition to GPG signatures, Electrum is working on signing the wallet with Windows' native code-signing scheme, and at some point intends to publish the official app on the Mac App Store to head off similar scams.
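The practical pitfall with "check the GPG signature" is that a bare `gpg --verify` succeeding only proves that *some* key in your keyring made the signature; an attacker who gets you to import their key (for instance from a look-alike site) also gets a green "Good signature". The check that actually protects you is pinning the fingerprint of the legitimate signing key and rejecting anything else. The following is an added example, not code from the Electrum project or from the article: it runs gpg with `--status-fd` and parses the machine-readable status lines, accepting only a GOODSIG whose VALIDSIG fingerprint (signing subkey or primary key) matches the pinned value. The fingerprint constant and the sample status outputs are constructed placeholders, not Electrum's real key; replace the constant with the fingerprint published on electrum.org.

```python
import re
import subprocess
from typing import Dict, List

# Constructed placeholder (assumption): replace with the signing-key fingerprint
# published at https://electrum.org, obtained from the official site, not from a
# keyserver or from the download page you are trying to verify.
EXPECTED_FINGERPRINT = "0123456789ABCDEF0123456789ABCDEF01234567"

STATUS_PREFIX = "[GNUPG:] "
# Status keywords that mean the signature must be rejected regardless of anything
# else gpg reports (bad signature, missing key, expired or revoked key, ...).
REJECT_KEYWORDS = {"BADSIG", "ERRSIG", "NO_PUBKEY", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def normalize_fpr(fpr: str) -> str:
    """Strip the spaces gpg prints in fingerprints and upper-case the hex."""
    return re.sub(r"\s+", "", fpr).upper()


def parse_gpg_status(status_output: str, expected_fpr: str) -> Dict[str, object]:
    """Decide whether gpg's --status-fd output represents a good signature
    from the pinned key. Returns a dict with 'ok', 'reason', 'fingerprints'."""
    expected = normalize_fpr(expected_fpr)
    goodsig = False
    rejects: List[str] = []
    fingerprints: List[str] = []
    for line in status_output.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue  # ignore non-status noise
        fields = line[len(STATUS_PREFIX):].split()
        if not fields:
            continue
        keyword = fields[0]
        if keyword == "GOODSIG":
            goodsig = True
        elif keyword in REJECT_KEYWORDS:
            rejects.append(keyword)
        elif keyword == "VALIDSIG" and len(fields) >= 2:
            # fields[1] is the fingerprint of the (sub)key that made the signature;
            # when gpg prints the full 10 trailing fields, the last one is the
            # primary key fingerprint, which is what a published fingerprint pins.
            fingerprints.append(normalize_fpr(fields[1]))
            if len(fields) >= 11:
                fingerprints.append(normalize_fpr(fields[-1]))
    if rejects:
        return {"ok": False, "reason": "gpg reported " + ",".join(rejects), "fingerprints": fingerprints}
    if not goodsig or not fingerprints:
        return {"ok": False, "reason": "no valid signature found", "fingerprints": fingerprints}
    if expected not in fingerprints:
        # A good signature from the wrong key is exactly the copycat scenario.
        return {"ok": False, "reason": "signed by unexpected key", "fingerprints": fingerprints}
    return {"ok": True, "reason": "good signature from pinned key", "fingerprints": fingerprints}


def verify_download(file_path: str, sig_path: str,
                    expected_fpr: str = EXPECTED_FINGERPRINT, gpg: str = "gpg") -> Dict[str, object]:
    """Verify a downloaded installer against its detached .asc signature.
    Status lines are sent to stdout via --status-fd 1; human text goes to stderr."""
    proc = subprocess.run(
        [gpg, "--batch", "--status-fd", "1", "--verify", sig_path, file_path],
        capture_output=True, text=True,
    )
    result = parse_gpg_status(proc.stdout, expected_fpr)
    result["exit_status"] = proc.returncode
    return result


# Constructed sample status output (not captured from a real run), modelled on the
# gpg status-line format, for exercising the parser offline.
SAMPLE_GOOD = """[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2018-05-09 1525852800 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
# A "Good signature" made by a different key that happens to be in the keyring.
SAMPLE_WRONG_KEY = """[GNUPG:] NEWSIG
[GNUPG:] GOODSIG FEDCBA9876543210 Impostor <impostor@example.invalid>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2018-05-09 1525852800 0 4 0 1 10 00 FEDCBA9876543210FEDCBA9876543210FEDCBA98
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
SAMPLE_BAD = "[GNUPG:] NEWSIG\n[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>\n"
SAMPLE_NO_KEY = "[GNUPG:] NEWSIG\n[GNUPG:] ERRSIG 89ABCDEF01234567 1 10 00 1525852800 9\n[GNUPG:] NO_PUBKEY 89ABCDEF01234567\n"


if __name__ == "__main__":
    import sys
    outcome = verify_download(sys.argv[1], sys.argv[2])
    print(outcome)
    sys.exit(0 if outcome["ok"] else 1)
```

Run it as `python verify.py electrum-setup.exe electrum-setup.exe.asc` after importing the legitimate key; note that the gpg exit status alone is not used as the verdict, because gpg exits 0 for a good signature from any known key, including an attacker's.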

If you have recently installed Electrum, make sure you installed the official version from electrum.org and not from any other source. If you mistakenly used the malicious wallet, treat its seed as compromised: move your bitcoins immediately to a wallet created with a freshly generated seed, and remove the application from your computer.
