A Lithuanian hacker is being extradited to South Korea for allegedly distributing the Windows-targeting KMSAuto malware, infecting over 2 million users and siphoning $1.18 million from their cryptocurrency wallets.
The suspect, a 29-year-old Lithuanian national, was at the center of a five-year, four-month investigation conducted by the Korean National Police Agency's National Office of Investigation (NOI).
Extradited from Georgia to South Korea on Sunday, authorities say the suspect, identified only as “Lithuanian A,” distributed the sophisticated malware, which allowed him to redirect cryptocurrency payments intended for victims to his own wallet by altering account numbers – a technique known as “memory hacking.”
Have thoughts about this topic? Others do, too. Join them in the discussion.
The KMSAuto malware, a fake Microsoft Windows activation tool, was said to have been downloaded a total of 2.8 million times worldwide from April 2020 to January 2023, affecting victims in South Korea and six other nations.
Once installed, the malware would automatically swap the recipient's crypto wallet address with the hacker's address in real time, during the transaction, and without the victims' knowledge.
The suspect is accused of embezzling a total of 1.7 billion Korean won ($1.18 million) from 3,100 cryptocurrency addresses, intercepting 840 transactions.
Last December, in a joint operation with Lithuanian police, officials raided the hacker’s home there and “seized 22 items, including mobile phones and laptops, under a search warrant,” according to the Korea Joongang Daily.
“We will continue to respond firmly to borderless cybercrime through global law enforcement collaboration and extradition,” said Park Woo-hyun, head of cyber investigations at the National Police Agency.
After Korea requested a red notice from Interpol, the Lithuanian hacker was arrested by Georgian police while attempting to enter the Eastern European nation this past April.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked