MassJacker Malware: Crypto Theft from Piracy Users
MassJacker Malware Targets Piracy Users, Steals Crypto
CyberArk recently uncovered MassJacker, a novel cryptojacking malware targeting users of pirated software. Originating from pesktop[dot]com, this malware secretly replaces cryptocurrency addresses copied to the clipboard with attacker-controlled addresses, resulting in crypto theft.
The Scale of the Attack: CyberArk identified 778,531 unique wallets linked to the malware, with 423 wallets containing crypto assets at some point. The total stolen cryptocurrency amounted to approximately $336,700 as of August, though the actual figure may be higher or lower.
One particularly active wallet held over 600 Solana (SOL), valued at roughly $87,000, and contained several NFTs, including Gorilla Reborn and Susanoo. Analysis reveals 1,184 transactions associated with this wallet since March 11, 2022, including DeFi activities involving tokens like JUP, UNI, USDC, and RAY.
Crypto Malware: A Growing Threat
Crypto malware is not new, with the first public cryptojacking script appearing in 2017. Since then, attackers have continuously evolved their methods and targeted various devices and operating systems. Recent examples include:
- Crypto malware found in Android and iOS app-making kits (February 2025).
- Crypto-stealing malware discovered in a Python Package Index (October 2024).
- Malware targeting macOS devices.
Attackers are becoming increasingly sophisticated. Beyond traditional methods, new techniques like fake job scams are used to install malware during virtual interviews, often under the guise of technical troubleshooting.
The “clipper” attack, employed by MassJacker, is a stealthy method that often evades detection. By silently altering clipboard addresses, it allows attackers to quietly redirect cryptocurrency transactions.
Protecting Yourself
To mitigate the risk of cryptojacking malware, Codeum recommends practicing safe computing habits, including downloading software only from reputable sources, using antivirus software, and regularly updating your systems. Furthermore, Codeum offers comprehensive blockchain security services, including smart contract audits, to help protect your crypto assets and projects.
Codeum Services: Our expertise encompasses smart contract audits, KYC verification, custom smart contract and DApp development, tokenomics and security consultation, and partnerships with launchpads and crypto agencies. Contact us today to enhance your blockchain security.