A previously unknown type of cryptojacking malware called MassJacker is targeting piracy users and hijacking crypto transactions by replacing stored addresses, according to a March 10 report from CyberArk.
The cryptojacking malware originates from the website pesktop[dot]com, where users seeking to download pirated software may unknowingly infect their devices with the MassJacker malware. After the malware is installed, the infection swaps out crypto addresses stored on the clipboard application for addresses controlled by the attacker.
According to CyberArk, there are 778,531 unique wallets linked to the theft. However, only 423 wallets held crypto assets at any point. The total amount of crypto that had either been stored or transferred out of the wallets amounted to $336,700 as of August. However, the company noted that the true extent of the theft could be higher or lower.
One wallet, in particular, seemed active. This wallet contained just over 600 Solana (SOL) at the time of analysis, worth about $87,000, and had a history of holding non-fungible tokens. These NFTs included Gorilla Reborn and Susanoo.
A look into the wallet on Solana’s blockchain explorer Solscan shows 1,184 transactions dating back to March 11, 2022. In addition to transfers, the wallet’s owner dabbled in decentralized finance in November 2024, swapping various tokens like Jupiter (JUP), Uniswap (UNI), USDC (USDC), and Raydium (RAY).
Crypto malware targets array of devices
Crypto malware is not new. The first publicly available cryptojacking script was released by Coinhive in 2017, and since then, attackers have targeted an array of devices using different operating systems.
In February 2025, Kaspersky Labs said that it had found crypto malware in app-making kits for Android and iOS. The malware had the ability to scan images for crypto seed phrases. In October 2024, cybersecurity firm Checkmarx revealed it had discovered crypto-stealing malware on the Python Package Index, a platform for developers to download and share code. Other crypto malware has targeted macOS devices.
Rather than having victims open a suspicious PDF file or download a contaminated attachment, attackers are getting sneakier. One new “injection method” involves the fake job scam, where an attacker will recruit their victim with the promise of a job. During the virtual interview, the attacker will ask the victim to “fix” microphone or camera access issues. That “fix” is what installs the malware, which can then drain the victim’s crypto wallet.
The “clipper” attack, in which malware alters cryptocurrency addresses copied to a clipboard, is less well-known than ransomware or information-stealing malware. However, it offers advantages for attackers, as it operates discreetly and often goes undetected in sandbox environments, according to CyberArk.
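The address swap described above leaves a recognizable trace in clipboard telemetry: one address is replaced by a different address of the same kind almost immediately, by a process other than the one the user copied from. The following Python detection logic is an added example, not code from CyberArk or the original article; it assumes a hypothetical monitor that records each clipboard write as (timestamp, text, writing process), and its patterns check address shape only, not checksums.

```python
import re

# Shape-only patterns (assumption: simplified, no checksum validation).
ADDRESS_PATTERNS = {
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "btc_legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "sol": re.compile(r"^[1-9A-HJ-NP-Za-km-z]{43,44}$"),
}

def classify(text):
    """Return the address family a clipboard string looks like, or None."""
    value = text.strip()
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return family
    return None

def find_swaps(events, max_gap=2.0):
    """Flag clipboard writes where an address is replaced by a different
    address of the same family, by another process, within max_gap seconds.

    events: list of (timestamp_seconds, clipboard_text, writer_process),
    a hypothetical record format for this example.
    """
    swaps = []
    for (t0, before, w0), (t1, after, w1) in zip(events, events[1:]):
        family = classify(before)
        if (family and classify(after) == family
                and before.strip() != after.strip()
                and w0 != w1 and t1 - t0 <= max_gap):
            swaps.append({"time": t1, "family": family, "writer": w1,
                          "copied": before.strip(),
                          "replaced_with": after.strip()})
    return swaps

# Constructed sample telemetry; addresses and process names are made up.
SAMPLE_EVENTS = [
    (0.0, "0x" + "a" * 40, "browser.exe"),
    (0.3, "0x" + "b" * 40, "updater.exe"),    # same family, new value, other writer
    (60.0, "meeting notes", "editor.exe"),     # ordinary text, ignored
    (90.0, "0x" + "c" * 40, "browser.exe"),
    (400.0, "0x" + "d" * 40, "wallet.exe"),   # second address copied much later
]

if __name__ == "__main__":
    for swap in find_swaps(SAMPLE_EVENTS):
        print(swap)
```

The time window and the writer comparison are what separate a swap from a user copying two addresses in a row; both thresholds are assumptions to tune against real telemetry.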