A previously unknown type of cryptojacking malware called MassJacker is targeting piracy users and hijacking crypto transactions by replacing stored addresses, according to a March 10 report from CyberArk.
The cryptojacking malware originates from the website pesktop[dot]com, where users seeking to download pirated software may unknowingly infect their devices with the MassJacker malware. After the malware is installed, it swaps out crypto addresses stored on the clipboard for addresses controlled by the attacker.
According to CyberArk, there are 778,531 unique wallets linked to the theft. However, only 423 wallets held crypto assets at any point. The total amount of crypto that had either been stored in or transferred out of the wallets amounted to $336,700 as of August. However, the company noted that the true extent of the theft could be higher or lower.
One wallet, in particular, appeared active. This wallet contained just over 600 Solana (SOL) at the time of analysis, worth approximately $87,000, and had a history of holding non-fungible tokens. These NFTs included Gorilla Reborn and Susanoo.
A look into the wallet on Solana’s blockchain explorer Solscan shows 1,184 transactions dating back to March 11, 2022. In addition to transfers, the wallet’s owner dabbled in decentralized finance in November 2024, swapping various tokens like Jupiter (JUP), Uniswap (UNI), USDC (USDC), and Raydium (RAY).
Crypto malware targets array of devices
Crypto malware is not new. The first publicly available cryptojacking script was released by Coinhive in 2017, and since then, attackers have targeted an array of devices using different operating systems.
In February 2025, Kaspersky Labs said that it had found crypto malware in app-making kits for Android and iOS. The malware had the ability to scan images for crypto seed phrases. In October 2024, cybersecurity firm Checkmarx revealed it had discovered crypto-stealing malware in a Python Package Index, which is a platform for developers to download and share code. Other crypto malware has targeted macOS devices.
Rather than having victims open a suspicious PDF file or download a contaminated attachment, attackers are getting sneakier. One new “injection method” involves the fake job scam, where an attacker will recruit their victim with the promise of a job. During the virtual interview, the attacker will ask the victim to “fix” microphone or camera access issues. That “fix” is what installs the malware, which can then drain the victim’s crypto wallet.
The “clipper” attack, in which malware alters cryptocurrency addresses copied to a clipboard, is less well-known than ransomware or information-stealing malware. However, it offers advantages for attackers, as it operates discreetly and often goes undetected in sandbox environments, according to CyberArk.
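The clipboard swap described above leaves a recognisable trace: an address-shaped string is replaced moments later by a different address of the same format, written by another process. The following is an added example, not code from CyberArk or the original article, that flags this pattern in clipboard telemetry. The event tuple layout, the process names and the sample addresses are constructed for illustration.

```python
import re

# Common address shapes (format only, no checksum validation). Which chains a
# given clipper targets is an assumption here; the article does not list them.
PATTERNS = {
    "btc_legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "sol": re.compile(r"^[1-9A-HJ-NP-Za-km-z]{43,44}$"),
}

# Constructed telemetry: (seconds, writing process, clipboard text).
# Process names are hypothetical and the addresses are not real wallets.
SAMPLE_EVENTS = [
    (10.0, "browser.exe", "0x" + "ab" * 20),   # user copies a payee address
    (10.3, "updater.exe", "0x" + "cd" * 20),   # another process overwrites it
    (55.0, "browser.exe", "meeting notes"),    # ordinary text resets the state
    (90.0, "browser.exe", "0x" + "ef" * 20),   # a new copy
    (300.0, "wallet.exe", "0x" + "12" * 20),   # much later: outside the window
]

def classify(text):
    """Return the address family a clipboard string looks like, or None."""
    value = text.strip()
    for family, pattern in PATTERNS.items():
        if pattern.match(value):
            return family
    return None

def find_swaps(events, window=2.0):
    """Flag an address replaced within `window` seconds by a different
    address of the same family, written by a different process."""
    alerts, prev = [], None   # prev = (time, process, value, family)
    for ts, process, text in events:
        family = classify(text)
        if family is None:
            prev = None
            continue
        value = text.strip()
        if (prev and prev[3] == family and prev[2] != value
                and prev[1] != process and ts - prev[0] <= window):
            alerts.append({"time": ts, "family": family, "copied": prev[2],
                           "replaced_with": value, "writer": process})
        prev = (ts, process, value, family)
    return alerts

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

The same comparison works as a user-side check: an address that differs between the moment it was copied and the moment it is pasted should stop the transaction.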