Union Crypto Trader

Malware updated 5 months ago (2024-11-29T14:15:42.583Z)
Union Crypto Trader is malware that targets cryptocurrency applications, specifically the Blackbird Bitcoin Arbitrage application. Both Celas LLC and JMT Trader had previously modified the same type of cryptocurrency application, Q.T. Bitcoin Trader. Union Crypto Trader and JMT Trader perform similar actions and share identical functionality. The malware operates covertly, often without the user's knowledge, to exploit and damage computer systems. Its primary mode of entry is through suspicious downloads, emails, or websites.

Once installed, Union Crypto Trader presents itself as a service that "automatically installs updates for Union Crypto Trader." Upon launch, it collects the victim's host information (System Owner/User Discovery, T1033). The collected data is combined into a string, which is then MD5 hashed and stored in the auth_signature variable before being exfiltrated. The stolen data is sent to a command-and-control (C2) website (Exfiltration Over C2 Channel, T1041).

Union Crypto Trader and Celas LLC employ XOR values that are 16 bytes in length. The use of these XOR values is likely part of the malware's strategy to obfuscate its activities and evade detection.

In summary, Union Crypto Trader represents a significant threat to users of the targeted cryptocurrency applications due to its ability to steal sensitive information, disrupt system operations, and potentially hold data for ransom.
Description last updated: 2023-10-11T03:58:17.187Z
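The auth_signature behaviour described above suggests a simple hunt, shown here as an added example that is not part of the original entry. It assumes the value travels as a form-encoded POST parameter named auth_signature and that a TLS-inspecting proxy logs request bodies; the record fields, hosts and URLs are constructed for illustration. Because the digest is an MD5 of host information, hits are also grouped by digest to show which source hosts repeat the same value.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs

# An MD5 digest rendered as hex is exactly 32 characters.
MD5_HEX = re.compile(r"[0-9a-f]{32}")

# Constructed proxy records (assumed schema); none of these are real indicators.
SAMPLE_RECORDS = [
    {"src": "10.0.0.5", "url": "https://c2.example/update",
     "body": "v=1&auth_signature=9e107d9d372bb6826bd81d3542a419d6"},
    # Benign look-alike: same parameter name, but a 64-hex (SHA-256 sized) value.
    {"src": "10.0.0.7", "url": "https://api.example/events",
     "body": "auth_key=k1&auth_signature=" + "ab" * 32},
    {"src": "10.0.0.9", "url": "https://shop.example/cart", "body": "item=42&qty=1"},
    # Same host beaconing again; upper-case hex must still match.
    {"src": "10.0.0.5", "url": "https://c2.example/update",
     "body": "auth_signature=9E107D9D372BB6826BD81D3542A419D6"},
]

def find_md5_auth_signatures(records):
    """Return (src, url, digest) for bodies whose auth_signature is MD5-shaped."""
    hits = []
    for rec in records:
        params = parse_qs(rec.get("body", ""), keep_blank_values=True)
        for value in params.get("auth_signature", []):
            digest = value.strip().lower()
            if MD5_HEX.fullmatch(digest):
                hits.append((rec["src"], rec["url"], digest))
    return hits

def group_by_digest(hits):
    """Map each digest to the sorted list of source hosts that sent it."""
    grouped = defaultdict(set)
    for src, _url, digest in hits:
        grouped[digest].add(src)
    return {digest: sorted(srcs) for digest, srcs in grouped.items()}

if __name__ == "__main__":
    found = find_md5_auth_signatures(SAMPLE_RECORDS)
    for digest, hosts in group_by_digest(found).items():
        print(digest, hosts)
```

A match on parameter name and digest length alone is a lead for triage, not a verdict; correlate with the destination and the process that made the request.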
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the Union Crypto Trader Malware was read from the documents corpus below.
Source: MITRE (created 2 years ago)