Crypto Drainers as a Converging Threat: Insights into Emerging Hybrid Attack Ecosystems
ID: 4c0b8c3b-178c-5cd7-a515-4a64c6964a27
STIX ID: report--4c0b8c3b-178c-5cd7-a515-4a64c6964a27
Feed Name: LevelBlue SpiderLabs Blog
Date Published: 2026-04-23
Date Updated: 2026-04-28
Author: Serhii Melnyk, King Orande, Cris Tomboc, Sean Shirley
This report analyzes a convergence between traditional malware and Web3-focused crypto theft through two case studies. The first is StepDrainer, a multichain drainer-as-a-service that uses polished AI/web lures, abuses Web3Modal, and automates asset extraction across more than 20 networks, with staging found across roughly 3,000 domains and configuration stored on-chain. The second is EtherRAT, a hybrid Windows implant distributed via a trojanized Tftpd64 MSI that establishes persistence, performs host reconnaissance, and exposes Web3-aware RPC endpoints. Together they demonstrate how browser-based drainers and host-level RATs now form blended attack chains targeting both digital assets and enterprise hosts.
