Decompiling the Electrumpro Stealware
A few weeks ago scammers bought the electrum.com domain and began using it to distribute a malicious, modified build of Electrum called "ElectrumPro" that steals its users' bitcoins.
The Electrum team published a guide to decompiling the ElectrumPro Windows binary to prove that it does indeed steal from users:
This document describes how to decompile the “Electrum Pro” Windows binaries, and how to verify that they indeed contain bitcoin-stealing malware. We previously warned users against “Electrum Pro”, but we did not have formal evidence at that time.
The scammers appear to have spent a considerable sum to acquire the domain, which was previously used by someone in the US to sell energy drinks and food. The ownership change happened on the 23rd of March 2018 according to WHOIS data:
Domain Name: ELECTRUM.COM
Registry Domain ID: 24034_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2018-03-23T21:33:29Z
Creation Date: 1996-05-15T04:00:00Z
Registry Expiry Date: 2023-05-16T04:00:00Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: firstname.lastname@example.org
Registrar Abuse Contact Phone: 480-624-2505
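The pattern the WHOIS record shows, a domain registered in 1996 whose record was updated weeks before a malicious download appeared on it, is something a defender can check for automatically. The following is an added example, not part of the original article or the Electrum project's tooling: it parses the record above (embedded as a string, contact fields omitted) and flags a long-lived domain with a recent update. The observation date and the 90-day threshold are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# WHOIS fields for electrum.com as quoted in the article, as a single string
# (the same format WHOIS servers return, one "Key: Value" pair per line).
WHOIS_RAW = (
    "Domain Name: ELECTRUM.COM Registry Domain ID: 24034_DOMAIN_COM-VRSN "
    "Registrar WHOIS Server: whois.godaddy.com Registrar URL: http://www.godaddy.com "
    "Updated Date: 2018-03-23T21:33:29Z Creation Date: 1996-05-15T04:00:00Z "
    "Registry Expiry Date: 2023-05-16T04:00:00Z Registrar: GoDaddy.com, LLC "
    "Registrar IANA ID: 146"
)

# Field names of a thin-registry (.com) WHOIS record; used to split the text
# back into fields whether it arrives as one line or many.
KEYS = [
    "Domain Name", "Registry Domain ID", "Registrar WHOIS Server", "Registrar URL",
    "Updated Date", "Creation Date", "Registry Expiry Date", "Registrar",
    "Registrar IANA ID",
]

def parse_whois(raw):
    """Return the record as a {field: value} dict; the ':' in the pattern keeps
    'Registrar' from matching the prefix of 'Registrar URL' and friends."""
    pattern = re.compile(r"(" + "|".join(re.escape(k) for k in KEYS) + r"):\s*")
    parts = pattern.split(raw)            # ['', key, value, key, value, ...]
    return {k: v.strip() for k, v in zip(parts[1::2], parts[2::2])}

def parse_ts(value):
    """WHOIS timestamps are RFC 3339 in UTC, e.g. 2018-03-23T21:33:29Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def ownership_change_signals(fields, observed_at, recent_days=90):
    """Flag an old domain whose record changed shortly before observed_at:
    consistent with a sale or transfer, which is what happened to electrum.com."""
    age_days = (observed_at - parse_ts(fields["Creation Date"])).days
    since_update = (observed_at - parse_ts(fields["Updated Date"])).days
    return {
        "domain": fields["Domain Name"].lower(),
        "domain_age_days": age_days,
        "days_since_update": since_update,
        "recently_updated_old_domain": age_days > 365 and 0 <= since_update <= recent_days,
    }

if __name__ == "__main__":
    # Constructed observation date: a few weeks after the 2018-03-23 change.
    observed = datetime(2018, 5, 2, tzinfo=timezone.utc)
    print(ownership_change_signals(parse_whois(WHOIS_RAW), observed))
```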
As a reminder, the only official website for the Electrum wallet is electrum.org.
Support us and the authors of this article by donating to the following address: 36cPz3bxFd4Cu6wAnbiuMEFCbicgmcptsL