A previously unknown type of cryptojacking malware called MassJacker is targeting piracy users and hijacking crypto transactions by replacing stored addresses, according to a March 10 report from CyberArk.
The cryptojacking malware originates from the website pesktop[dot]com, where users seeking to download pirated software may unknowingly infect their devices with the MassJacker malware. After the malware is installed, the infection swaps out crypto addresses stored on the clipboard application for addresses controlled by the attacker.
According to CyberArk, there are 778,531 unique wallets linked to the theft. However, only 423 wallets held crypto assets at any point. The total amount of crypto that had either been stored or transferred out of the wallets amounted to $336,700 as of August. However, the company noted that the true extent of the theft could be higher or lower.
One wallet, in particular, appeared active. This wallet contained just over 600 Solana (SOL) at the time of analysis, worth roughly $87,000, and had a history of holding non-fungible tokens. These NFTs included Gorilla Reborn and Susanoo.
A look into the wallet on Solana’s blockchain explorer Solscan shows 1,184 transactions dating back to March 11, 2022. In addition to transfers, the wallet’s owner dabbled in decentralized finance in November 2024, swapping various tokens like Jupiter (JUP), Uniswap (UNI), USDC (USDC), and Raydium (RAY).
Crypto malware targets array of devices
Crypto malware is not new. The first publicly available cryptojacking script was released by Coinhive in 2017, and since then, attackers have targeted an array of devices using different operating systems.
In February 2025, Kaspersky Labs said that it had found crypto malware in app-making kits for Android and iOS. The malware had the ability to scan images for crypto seed phrases. In October 2024, cybersecurity firm Checkmarx revealed it had discovered crypto-stealing malware in the Python Package Index, which is a platform for developers to download and share code. Other crypto malware has targeted macOS devices.
Rather than having victims open a suspicious PDF file or download a contaminated attachment, attackers are getting sneakier. One new “injection technique” involves the fake job scam, where an attacker will recruit their victim with the promise of a job. During the virtual interview, the attacker will ask the victim to “fix” microphone or camera access issues. That “fix” is what installs the malware, which can then drain the victim’s crypto wallet.
The “clipper” attack, in which malware alters cryptocurrency addresses copied to a clipboard, is less well-known than ransomware or information-stealing malware. However, it offers advantages for attackers, as it operates discreetly and often goes undetected in sandbox environments, according to CyberArk.
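From the defender's side, the clipper behaviour described above shows up as an address on the clipboard being replaced, almost immediately, by a different address of the same kind. The following is an added example, not code from CyberArk or the original article; the address patterns are simplified (no checksum validation), and the names `classify` and `find_swaps`, the two-second window and the sample snapshots are assumptions constructed for illustration.

```python
import re

# Simplified address shapes (assumption: no checksum validation).
# Bitcoin is listed before Solana because both use base58 text.
ADDRESS_PATTERNS = {
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "bitcoin": re.compile(r"^(bc1[0-9a-z]{25,62}|[13][1-9A-HJ-NP-Za-km-z]{25,34})$"),
    "solana": re.compile(r"^[1-9A-HJ-NP-Za-km-z]{32,44}$"),
}


def classify(text):
    """Return the address kind a clipboard string looks like, or None."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return kind
    return None


def find_swaps(snapshots, max_gap=2.0):
    """Flag an address replaced by another of the same kind within max_gap s.

    snapshots: iterable of (timestamp_seconds, clipboard_text) polls.
    Returns a list of (timestamp, kind, original, replacement) tuples.
    """
    alerts = []
    cur_text, cur_kind, cur_since = None, None, None
    for ts, raw in snapshots:
        text = raw.strip()
        if text == cur_text:
            continue  # unchanged since the previous poll
        kind = classify(text)
        # A user rarely copies two different addresses of one chain within
        # a couple of seconds; a clipper rewrites right after the copy.
        if kind and kind == cur_kind and ts - cur_since <= max_gap:
            alerts.append((ts, kind, cur_text, text))
        cur_text, cur_kind, cur_since = text, kind, ts
    return alerts


# Constructed sample data: fake addresses, not taken from any report.
ETH_A, ETH_B = "0x" + "a1" * 20, "0x" + "b2" * 20
SOL_A, SOL_B = "A" * 32, "B" * 32
SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, ETH_A),   # user copies a recipient address
    (10.4, ETH_B),   # replaced 0.4 s later: suspected swap
    (11.0, ETH_B),   # unchanged poll, ignored
    (95.0, SOL_A),   # user copies another address
    (160.0, SOL_B),  # different address a minute later: not flagged
]
```

The timing heuristic only raises a signal; comparing the pasted address against the one shown at its source before sending remains the decisive check.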