### Decompiling the ElectrumPro Stealware

Electrum is a popular Bitcoin wallet, distributed on electrum.org and spesmilo/electrum.

A few weeks ago, scammers bought the electrum dot com domain and started using it to distribute ElectrumPro, a modified, malicious version of Electrum that steals its users' bitcoins.

The Electrum team published a guide to decompiling the ElectrumPro binary on Windows to prove that it is indeed stealing from users:

This document describes how to decompile the “Electrum Pro” Windows binaries, and how to verify that they indeed contain bitcoin-stealing malware. We previously warned users against “Electrum Pro”, but we did not have formal evidence at that time.

The scammers seem to have invested a large sum to acquire the domain, which was previously used by someone in the US to sell energy drinks and food. According to whois data, the change happened on the 23rd of March 2018:

```
Domain Name: ELECTRUM.COM
Registry Domain ID: 24034_DOMAIN_COM-VRSN
Updated Date: 2018-03-23T21:33:29Z
Creation Date: 1996-05-15T04:00:00Z
Registry Expiry Date: 2023-05-16T04:00:00Z
```