Source: Cointelegraph
According to a report by CyberArk on March 10, a previously unknown cryptocurrency mining malware named MassJacker is targeting users of pirated software and hijacking cryptocurrency transactions by replacing stored addresses.
This cryptocurrency mining malware originates from the website pesktop [dot] com, where users attempting to download pirated software may unknowingly infect their devices with MassJacker. Once installed, the malware replaces cryptocurrency addresses stored in the clipboard application with addresses controlled by the attacker.
CyberArk reports that there are 778,531 unique wallets associated with this theft. However, at any given time, only 423 wallets hold cryptocurrency assets. As of August, the total value of cryptocurrency stored or transferred from these wallets reached $336,700. However, the company notes that the actual amount stolen may be higher or lower.
One wallet, in particular, is especially active. At the time of analysis, this wallet held just over 600 Solana (SOL) coins, valued at approximately $87,000, and has a record of holding non-fungible tokens (NFTs). These NFTs include Gorilla Reborn and Susanoo.
Viewing this wallet on the Solana blockchain explorer Solscan reveals that there have been 1,184 transaction records since March 11, 2022. In addition to transfers, the wallet's owner has also ventured into decentralized finance in November 2024, trading various tokens such as JUP, UNI, USDC, and RAY.
Cryptocurrency malware targets multiple devices
Cryptocurrency malware is not a new phenomenon. In 2017, Coinhive released the first publicly available cryptocurrency mining script, and since then, attackers have targeted a variety of devices across different operating systems.
In February 2025, Kaspersky Lab reported that they discovered cryptocurrency malware in Android and iOS application development kits. This malware is capable of scanning images for cryptocurrency mnemonic phrases. In October 2024, cybersecurity company Checkmarx revealed that they found malware stealing cryptocurrency in the Python Package Index (a platform for developers to download and share code). Other cryptocurrency malware has targeted devices running Apple's macOS.
Attackers' tactics have become increasingly sophisticated, moving beyond simply getting victims to open suspicious PDF files or download contaminated attachments. A new "injection method" involves fake recruitment scams, where attackers lure victims with job opportunities. During video interviews, attackers prompt victims to "fix" access issues with their microphone or camera. This "fix" operation is actually the installation of malware, which then allows the malware to empty the victim's cryptocurrency wallet.
"Clipboard hijacking" attacks (where malware modifies cryptocurrency addresses copied to the clipboard) are not as well-known as ransomware or information-stealing malware. However, according to CyberArk, this type of attack has certain advantages for attackers, as it operates stealthily and is often difficult to detect in sandbox environments.
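A defender-side sketch of how the address swap described above can be spotted in a log of clipboard snapshots. This is an added example, not code from CyberArk or the original article. The `(timestamp, text)` event format, the one-second window and all addresses are assumptions constructed for illustration.

```python
import re

# Shape checks only (no checksum validation). Order matters: a legacy Bitcoin
# address is also valid base58, so it is tested before the Solana pattern.
PATTERNS = {
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
    "bitcoin": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}|[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "solana": re.compile(r"[1-9A-HJ-NP-Za-km-z]{32,44}"),
}

def classify(text):
    """Return the address family the clipboard text looks like, or None."""
    candidate = text.strip()
    for family, pattern in PATTERNS.items():
        if pattern.fullmatch(candidate):
            return family
    return None

def detect_swaps(events, window=1.0):
    """Flag address -> different address of the same family within `window` seconds.

    Assumption: a person rarely copies two different addresses of the same
    chain less than a second apart, while a clipper overwrites right after the copy.
    """
    alerts = []
    for (t0, before), (t1, after) in zip(events, events[1:]):
        old, new = before.strip(), after.strip()
        family = classify(old)
        if family and family == classify(new) and old != new and t1 - t0 <= window:
            alerts.append((family, old, new))
    return alerts

# Constructed sample data: placeholder addresses with the right shape only.
ETH_COPIED, ETH_SWAPPED = "0x" + "11" * 20, "0x" + "22" * 20
BTC_FIRST, BTC_SECOND = "1" + "B" * 30, "1" + "C" * 30
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, ETH_COPIED),    # user copies a payee address
    (10.2, ETH_SWAPPED),   # overwritten 0.2 s later: flagged
    (60.0, BTC_FIRST),
    (95.0, BTC_SECOND),    # 35 s later: treated as a deliberate second copy
]

if __name__ == "__main__":
    for family, copied, pasted in detect_swaps(SAMPLE_EVENTS):
        print(f"possible clipboard hijack ({family}): {copied} -> {pasted}")
```

The same comparison works at paste time: if the address about to be submitted differs from the one that was copied, the transaction should be stopped and the address re-verified.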