A previously unknown type of cryptojacking malware called MassJacker is targeting piracy users and hijacking crypto transactions by replacing stored addresses, according to a March 10 report from CyberArk.
The cryptojacking malware originates from the website pesktop[dot]com, where users seeking to download pirated software may unknowingly infect their devices with the MassJacker malware. After the malware is installed, the infection swaps out crypto addresses stored on the clipboard application for addresses controlled by the attacker.
According to CyberArk, there are 778,531 unique wallets linked to the theft. However, only 423 wallets held crypto assets at any point. The total amount of crypto that had either been stored or transferred out of the wallets amounted to $336,700 as of August. However, the company noted that the true extent of the theft could be higher or lower.
One wallet, in particular, appeared active. This wallet contained just over 600 Solana (SOL) at the time of analysis, worth approximately $87,000, and had a history of holding non-fungible tokens. These NFTs included Gorilla Reborn and Susanoo.
A look into the wallet on Solana’s blockchain explorer Solscan shows 1,184 transactions dating back to March 11, 2022. In addition to transfers, the wallet’s owner dabbled in decentralized finance in November 2024, swapping various tokens like Jupiter (JUP), Uniswap (UNI), USDC (USDC), and Raydium (RAY).
Crypto malware targets array of devices
Crypto malware is not new. The first publicly available cryptojacking script was released by Coinhive in 2017, and since then, attackers have targeted an array of devices using different operating systems.
In February 2025, Kaspersky Labs said that it had found crypto malware in app-making kits for Android and iOS. The malware had the ability to scan images for crypto seed phrases. In October 2024, cybersecurity firm Checkmarx revealed it had discovered crypto-stealing malware in the Python Package Index, which is a platform for developers to download and share code. Other crypto malware has targeted macOS devices.
Rather than having victims open a suspicious PDF file or download a contaminated attachment, attackers are getting sneakier. One new “injection method” involves the fake job scam, where an attacker will recruit their victim with the promise of a job. During the virtual interview, the attacker will ask the victim to “fix” microphone or camera access issues. That “fix” is what installs the malware, which can then drain the victim’s crypto wallet.
The “clipper” attack, in which malware alters cryptocurrency addresses copied to a clipboard, is less well-known than ransomware or information-stealing malware. However, it offers advantages for attackers, as it operates discreetly and often goes undetected in sandbox environments, according to CyberArk.