
Previously unknown cryptojacking malware, dubbed MassJacker, allows hackers to steal thousands of dollars' worth of crypto, CyberArk researchers claim.
Cryptojacking typically describes malware that uses a hijacked computer's resources to mine crypto. In their latest report, CyberArk researchers use the term for a process where malware replaces crypto wallet addresses the user has copied to the clipboard with ones belonging to the attacker.
By doing so, the attacker attempts to trick the victim into transferring money to the attacker’s address instead of the intended target.
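The clipboard swap described above can be spotted from the defender's side by watching for one wallet address being replaced by a different address of the same type almost immediately after a copy. The sketch below is an added example, not code from the CyberArk report or this article; the simplified address patterns (no checksum validation), the 2-second window, the function names and the sample events are all assumptions constructed for illustration.

```python
import re

# Simplified address shapes (assumption: format check only, no checksum validation).
ADDRESS_PATTERNS = [
    ("bitcoin", re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[ac-hj-np-z02-9]{11,71}")),
    ("ethereum", re.compile(r"0x[0-9a-fA-F]{40}")),
    ("solana", re.compile(r"[1-9A-HJ-NP-Za-km-z]{32,44}")),
]

def classify(text):
    """Return the address type the whole clipboard text looks like, or None."""
    candidate = text.strip()
    for kind, pattern in ADDRESS_PATTERNS:
        if pattern.fullmatch(candidate):
            return kind
    return None

def find_swaps(events, max_gap=2.0):
    """events: list of (timestamp_seconds, clipboard_text) in time order.

    Flags an address that is overwritten by a *different* address of the same
    type within max_gap seconds, which a person copying by hand rarely does.
    """
    alerts = []
    prev = None  # (timestamp, text, kind) of the previous clipboard content
    for ts, text in events:
        kind = classify(text)
        if (prev and kind and prev[2] == kind
                and prev[1].strip() != text.strip()
                and ts - prev[0] <= max_gap):
            alerts.append({"time": ts, "kind": kind,
                           "replaced": prev[1], "with": text})
        prev = (ts, text, kind)
    return alerts

# Constructed sample data: these are not real wallet addresses.
VICTIM = "0x" + "a" * 40
SUBSTITUTE = "0x" + "b" * 40
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, VICTIM),        # user copies the intended address
    (10.3, SUBSTITUTE),    # different address appears 0.3 s later: suspicious
    (120.0, VICTIM),
    (300.0, SUBSTITUTE),   # same change minutes apart: treated as a manual copy
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

The time window is a heuristic, so comparing the pasted address against the intended one before sending funds remains the reliable check.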
The malware, which was found on a pirate software website, executes a cmd script followed by a PowerShell script that downloads three more executables.
One of them is Amadey, a popular malware-as-a-service botnet, while the other two are .NET executables. According to CyberArk, they appear to be the same type of malware compiled for 32-bit and 64-bit architectures.
The researchers originally examined a sample containing 50,000 wallets belonging to cybercriminals. Adding the wallets from older files resulted in nearly 780,000 unique addresses.
Of all wallets, 423 had money, which, at the time of CyberArk's research, was worth around $95,000. However, the report claims that most transactions come from fraudulent activities other than MassJacker malware.
CyberArk also found one Solana address holding $300,000 worth of crypto, which appears to be the central wallet for cybercriminal operations.
According to the report, the malware may be distributed by a hacker group since wallets share the same file names and encryption key. However, there’s also the possibility that it may be sold as a service and used by different groups.