Piracy Users Targeted by New Crypto-Stealing Malware
MassJacker, a newly discovered malware, is stealing cryptocurrency from users searching for pirated software. A recent report found that cybercriminals use this malware to hijack copied wallet addresses and reroute funds. This attack method poses a serious threat to cryptocurrency holders.
How MassJacker Infects Devices
The infection starts with a deceptive piracy website. Attackers lure users into downloading what appears to be free software. However, instead of the promised program, the user unknowingly installs malicious files.
The initial file executes a PowerShell script that delivers the Amadey botnet malware along with two additional binaries, one built for 32-bit systems and one for 64-bit systems. A secondary component, known as PackerE, downloads an encrypted DLL, which in turn loads the MassJacker payload.
How MassJacker Steals Cryptocurrency
MassJacker operates by monitoring the clipboard for cryptocurrency wallet addresses. Whenever a user copies a wallet address, the malware detects it using pattern recognition techniques. It then replaces the copied address with one controlled by the attacker.
This process happens instantly, leaving victims unaware that their funds are being redirected. The malware connects to a remote server to fetch updated lists of wallet addresses, ensuring continuous theft.
Evasion Techniques Used by MassJacker
To avoid detection, MassJacker uses advanced anti-analysis methods. It employs Just-In-Time (JIT) hooking and metadata token mapping to hide function calls. Instead of executing normal .NET code, it runs instructions through a custom virtual machine, making it harder to analyze.
Additionally, the malware blocks debugging attempts.
Security researchers discovered over 778,000 unique wallet addresses linked to the attackers. Although only 423 of those wallets held funds, they collectively contained around $95,300. The total amount stolen before funds were transferred out reached approximately $336,700.
How to Stay Safe from MassJacker
To prevent infection, avoid downloading software from unverified sources. Always verify links before clicking and use a trusted antivirus program. Enable clipboard monitoring alerts to detect unusual address changes. Additionally, consider using hardware wallets for secure transactions. Staying cautious online is the best defense against such threats.
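The clipboard-swap detection the advice above recommends can be approximated offline, as in this added example (not code from the report or from MassJacker's analysts). It assumes a monitor that samples the clipboard and records timestamped events; the address patterns, the 0.5-second threshold, and the clipboard samples are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Address patterns for a few assets (hypothetical subset; a real tool would
# maintain a fuller, versioned list).
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,62})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "trx": re.compile(r"^T[1-9A-HJ-NP-Za-km-z]{33}$"),
}

@dataclass
class ClipboardEvent:
    ts: float   # seconds since the monitor started
    text: str   # clipboard contents sampled at that moment

def classify(text):
    """Return the asset whose address pattern matches text, else None."""
    for asset, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return asset
    return None

def detect_swaps(events, max_gap=0.5):
    """Flag an address replaced by a different address of the same asset
    within max_gap seconds. A person rarely copies two addresses of the
    same type that quickly; a clipper rewrites the clipboard immediately."""
    alerts = []
    for prev, cur in zip(events, events[1:]):
        a, b = classify(prev.text), classify(cur.text)
        if a and a == b and prev.text != cur.text and cur.ts - prev.ts <= max_gap:
            alerts.append({"asset": a, "copied": prev.text,
                           "replaced_with": cur.text, "ts": cur.ts})
    return alerts

# Constructed clipboard samples (not real addresses): an ETH address is
# overwritten 0.2 s after being copied; two BTC copies 4 s apart are benign.
COPIED_ETH = "0x" + "ab" * 20
SWAPPED_ETH = "0x" + "cd" * 20
SAMPLE_EVENTS = [
    ClipboardEvent(0.0, "meeting notes"),
    ClipboardEvent(1.0, COPIED_ETH),
    ClipboardEvent(1.2, SWAPPED_ETH),
    ClipboardEvent(5.0, "1AbCdEfGhJkMnPqRsTuVwXyZ23456789Ab"),
    ClipboardEvent(9.0, "3AbCdEfGhJkMnPqRsTuVwXyZ23456789Ab"),
]
if __name__ == "__main__":
    for alert in detect_swaps(SAMPLE_EVENTS):
        print(f"ALERT {alert['asset']}: {alert['copied']} -> {alert['replaced_with']} at t={alert['ts']}s")
```

The threshold is a heuristic: tune it against normal copy-paste behaviour on the host, and treat an alert as a prompt to re-check the pasted address rather than as proof of infection.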
Sleep well, we got you covered.