March 11, 2025 By Bill Toulas

A newly discovered clipboard hijacking operation dubbed 'MassJacker' uses at least 778,531 cryptocurrency wallet addresses to steal digital assets from compromised computers.
According to CyberArk, which discovered the MassJacker campaign, roughly 423 wallets linked to the operation contained $95,300 at the time of the analysis, but historical data suggests more significant transactions.
Also, there's a single Solana wallet that the threat actors appear to use as a central money-receiving hub, which has amassed over $300,000 in transactions so far.
CyberArk suspects that the entire MassJacker operation is associated with a specific threat group, as file names downloaded from command and control servers and encryption keys used to decrypt the files were the same throughout the entire campaign.
However, the operation could still be following a malware-as-a-service model, where a central administrator sells access to various cybercriminals.