Users looking for pirated software are being targeted with clipper malware called MassJacker, according to CyberArk.
Malicious software for Clipper – this type cry .
“The infection network begins on the site called pesktop[.]com,” researcher Ari Novick noted in an analysis published earlier this week. “This site, which presents itself as a site for pirated software, also tries to make people download all sorts of malware.”
The initial executable acts as a conduit for running a PowerShell script that delivers botnet malware named Amadey, as well as two other .NET binaries, each compiled for 32-bit and 64-bit architectures.
The binary, codenamed Packer, is responsible for downloading an encrypted DLL, which in turn loads a second DLL file that launches the MassJacker payload by injecting it into a legitimate Windows process called “Instalutil.exe”.
The encrypted DLL includes features that enhance its evasion and anti-analysis capabilities, including Just-In-Time (JIT) hooking, metadata mapping to hide function calls, and a custom virtual machine that interprets commands instead of running regular .NET code.
For its part, MassJacker comes with its own anti-debugging checks and a configuration that supplies all the regular expression patterns used to flag cryptocurrency wallet addresses in the clipboard. It also contacts a remote server to download files containing the list of attacker-controlled wallets.
“MassJacker creates an event handler to run every time the victim copies anything,” Novick said. “The handler checks the regexes, and when it finds a match, it replaces the copied content with a wallet owned by the threat actor from the downloaded list.”
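The copy-then-replace behaviour described above leaves a recognisable trace for defenders: a wallet address on the clipboard is overwritten moments later by a different address of the same type. The following detection sketch is an added example, not code from CyberArk or from the malware; the clipboard telemetry format, the two-second window and the address patterns (publicly documented formats, not MassJacker's own regex list) are assumptions.

```python
import re

# Publicly documented address formats; illustrative, not MassJacker's own list.
WALLET_PATTERNS = {
    "btc_legacy": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "btc_bech32": re.compile(r"bc1[ac-hj-np-z02-9]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def classify(text):
    """Return the wallet family whose pattern matches the whole string, else None."""
    s = text.strip()
    for family, pattern in WALLET_PATTERNS.items():
        if pattern.fullmatch(s):
            return family
    return None

def find_swaps(events, window=2.0):
    """Flag clipboard changes where a wallet address is replaced by a different
    address of the same family within `window` seconds, which is what a
    clipper's handler overwriting the user's copy looks like in telemetry."""
    alerts = []
    prev = None  # (timestamp, family, text) of the last wallet-like content
    for ts, text in events:
        value = text.strip()
        family = classify(value)
        swapped = (
            family is not None and prev is not None
            and prev[1] == family and prev[2] != value
            and ts - prev[0] <= window
        )
        if swapped:
            alerts.append({"time": ts, "family": family,
                           "copied": prev[2], "replaced_with": value})
        prev = (ts, family, value) if family else None
    return alerts

# Constructed clipboard-change telemetry: (seconds, clipboard text).
SAMPLE_EVENTS = [
    (10.00, "meeting notes"),
    (42.10, "0x" + "a1" * 20),  # user copies an ETH-format address
    (42.15, "0x" + "b2" * 20),  # content replaced 50 ms later
    (90.00, "1" + "B" * 30),    # user copies a BTC-format address
    (300.0, "1" + "C" * 30),    # different address minutes later: normal use
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

Only the 50 ms replacement of the ETH-format address is flagged; the later change of BTC-format address falls outside the window and is treated as ordinary use.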
CyberArk said it identified more than 778,531 unique addresses owned by the attackers, with only 423 of them containing funds, for a total amount of approximately $95,300. But the total amount of digital assets held in all these wallets before being transferred out is about $336,700.
Moreover, cryptocurrency worth about $87,000 (600 SOL) was found parked in one wallet, with more than 350 transactions sending money to the wallet from different addresses.
Exactly who is behind MassJacker is unknown, though a deeper study of the source code revealed overlaps with another piece of malware known as MassLogger, which also took advantage of JIT hooking in an attempt to resist analysis efforts.