CyberArk has identified a malware campaign that targets users seeking pirated software and delivers a novel clipper malware named MassJacker. The malware monitors clipboard content and substitutes attacker-controlled cryptocurrency wallet addresses for legitimate ones, enabling theft. The infection chain starts at a malicious site, pesktop[.]com, and leads to the download of various forms of malware, including botnet software. MassJacker uses evasion techniques such as anti-debugging measures, and it applies regex patterns to copied data to carry out the substitution, which heightens its threat to cryptocurrency users.
"The infection chain begins at a site called pesktop[.]com, which presents itself as a site to get pirated software, also tries to get people to download all sorts of malware."
"MassJacker creates an event handler to run whenever the victim copies anything. The handler checks the regexes, and if it finds a match, it replaces the clipboard content with an attacker-controlled address."
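A defender-side check for the substitution described in the quote above, added here as an illustration and not taken from CyberArk's report: it flags a clipboard value that matches a wallet-address format and is replaced within a short window by a different address of the same format. The address patterns, the one-second window and the event list are constructed assumptions, not values from the malware.

```python
import re

# Simplified address formats, constructed for this example (assumption:
# the page does not list the regexes MassJacker itself uses).
WALLET_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[a-z0-9]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def wallet_type(text):
    """Return the name of the wallet format `text` matches, or None."""
    text = text.strip()
    for name, pattern in WALLET_PATTERNS.items():
        if pattern.match(text):
            return name
    return None


def find_swaps(events, window=1.0):
    """Flag likely clipper substitutions in a clipboard change log.

    events: list of (timestamp_seconds, content), oldest first.
    A change is flagged when the old and new values are different
    addresses of the same format and the change came within `window`
    seconds, faster than a user would copy a second address.
    """
    alerts = []
    for (t0, before), (t1, after) in zip(events, events[1:]):
        kind = wallet_type(before)
        if (kind and kind == wallet_type(after)
                and before.strip() != after.strip()
                and t1 - t0 <= window):
            alerts.append({"time": t1, "type": kind,
                           "copied": before.strip(),
                           "replaced_by": after.strip()})
    return alerts


# Constructed clipboard log: (seconds since start, clipboard content).
SAMPLE_EVENTS = [
    (0.00, "meeting notes"),
    (5.20, "0x" + "a" * 40),   # user copies an ETH address
    (5.25, "0x" + "b" * 40),   # replaced 50 ms later: flagged
    (60.0, "1" + "A" * 30),    # user copies a BTC address
    (95.0, "1" + "B" * 30),    # another copy 35 s later: not flagged
]
```

The same comparison can be applied at paste time: if the value about to be pasted differs from the address the user copied, the transfer should be stopped and the host examined.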