Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

MassJacker Malware Steals Cryptocurrency

March 14, 2025
Reading Time: 2 mins read
in Alerts

MassJacker malware specifically targets users seeking pirated software, delivering a new and previously undocumented clipper malware variant. This malware type, known as clipper malware, is designed to monitor clipboard content, allowing attackers to substitute copied cryptocurrency wallet addresses with their own. As a result, victims unknowingly send cryptocurrency to attacker-controlled wallets instead of the intended recipients. CyberArk researchers have traced the infection chain to a site named pesktop[.]com, which masquerades as a hub for pirated software. The site also attempts to convince users to download additional malware, creating a multi-layered attack.

The infection process starts when the victim downloads an executable from the malicious site. This executable runs a PowerShell script that deploys a botnet named Amadey along with two other .NET binaries. These binaries, compiled for both 32-bit and 64-bit systems, serve as the foundation for the attack. One of the binaries, codenamed PackerE, is responsible for downloading an encrypted dynamic-link library (DLL). This DLL, once decrypted, loads a second DLL that eventually launches the MassJacker payload by injecting it into a legitimate Windows process, “InstalUtil.exe.” This technique is used to bypass detection and run the attack under the guise of a trusted system process.

Once injected, MassJacker begins its work by incorporating advanced evasion techniques to avoid detection.

It uses Just-In-Time (JIT) hooking and a custom virtual machine to obscure function calls and evade analysis. The malware also includes anti-debugging checks, making it harder for security researchers to reverse-engineer. MassJacker monitors clipboard content for cryptocurrency wallet addresses and automatically replaces them with a wallet address controlled by the attacker. The malware also contacts a remote server to download a list of the attacker’s wallet addresses.

This server communication ensures the malware always has up-to-date addresses to use in its attacks.

CyberArk identified over 778,531 unique cryptocurrency wallet addresses belonging to the attackers, with 423 of these wallets containing funds. The total amount in these wallets was approximately $95,300, but the attackers had more funds before transferring them out. One particular wallet stood out, containing around $87,000 worth of cryptocurrency, which had been accumulated through over 350 transactions. This indicates that the attackers are actively stealing significant amounts of cryptocurrency through this method. The scale of the attack highlights a well-organized operation, targeting unsuspecting cryptocurrency users, particularly those involved with pirated software.

Reference:
  • New MassJacker Malware Hijacks Cryptocurrency Transactions from Piracy Users
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityMarch 2025
ADVERTISEMENT

Related Posts

FBI Seizes Multiple Game Piracy Sites

XORIndex Malware DPRK npm Attack

July 15, 2025
FBI Seizes Multiple Game Piracy Sites

NCC Urges Windows 11 Upgrade Cyber Defenses

July 15, 2025
FBI Seizes Multiple Game Piracy Sites

FBI Seizes Multiple Game Piracy Sites

July 15, 2025
Wing FTP Server RCE Flaw Exploited

WinRAR Zero-Day Exploit $80K on Dark Web

July 14, 2025
Wing FTP Server RCE Flaw Exploited

Google Gemini Flaw Hijacks Email Summaries

July 14, 2025
Wing FTP Server RCE Flaw Exploited

Wing FTP Server RCE Flaw Exploited

July 14, 2025

Latest Alerts

NCC Urges Windows 11 Upgrade Cyber Defenses

FBI Seizes Multiple Game Piracy Sites

XORIndex Malware DPRK npm Attack

WinRAR Zero-Day Exploit $80K on Dark Web

Google Gemini Flaw Hijacks Email Summaries

Wing FTP Server RCE Flaw Exploited

Subscribe to our newsletter

    Latest Incidents

    Elmo Impersonator Posts Antisemitic Content

    PET Imaging Phishing Attack Hits

    Louis Vuitton Data Breach Global Impact

    Supermarket Cyberattack Prompts Warning

    China Hacker Suspected in DC Law Firm Breach

    nius.de Cyberattack Leaks User Data

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial