Cryptocurrency assets have been targeted by the novel MassJacker clipboard hijacking operation using 778,531 cryptocurrency wallet addresses, BleepingComputer reports.Threat actors behind the operation have leveraged the cracked software and malware-hosting site pesktop[.]com to distribute malicious software installers that execute scripts retrieving an Amadey bot and the PackerE and PackerD1 loader files, according to a CyberArk report.Amadey’s deployment of the PackerE loader then triggers PackerD1, which not only features anti-detection capabilities but also decrypts PackerD2 for the installation of the MassJacker payload.MassJacker is then used to track clipboards for cryptocurrency wallet addresses, which are later replaced with a wallet address belonging to the attacker enabling the delivery of cryptocurrency assets without the knowledge of victims, said CyberArk researchers.Further research into MassJacker and other major cryptojacking operations has been urged by CyberArk, which noted that any findings on such operations could help determine various threat actors.
Over 778K cryptowallets leveraged by MassJacker clipboard hijacking operation
