New MassJacker malware is hijacking digital wallets to steal large sums from users

by washingtoninsider
Originally published April 6, 2025

A new malware campaign is rerouting thousands of dollars from cryptocurrency transactions into the accounts of hackers.

As reported by The Hacker News, the malware, called MassJacker, is a type of cryware known as clipper malware, and it targets users searching for pirated software online.

Instead of the pirated software, those users end up downloading clipper malware, which is designed to steal cryptocurrency by watching an infected machine’s clipboard and switching out copied cryptocurrency wallet addresses for one controlled by the attackers behind this campaign.

According to a new report from CyberArk, the infection chain starts at pesktop[.]com, a site commonly used to acquire pirated software that also tries to infect systems with multiple types of malware. The initial MassJacker executable acts as a conduit to run a PowerShell script for the Amadey botnet malware and two .NET binaries, including one codenamed PackerE.

PackerE downloads an encrypted DLL file, which then loads a second malicious file that launches the MassJacker payload by injecting it into a legitimate Windows process called InstallUtil.exe. This encrypted DLL incorporates features to evade and avoid analysis, including Just-In-Time (JIT) hooking, metadata token mapping, and a custom virtual machine.

How to stay safe from clipper malware

Just like with some other malware strains, getting infected by MassJacker is completely avoidable. As long as you're not downloading pirated software, you should have nothing to worry about, at least for now.

To keep your devices protected from malware that can slip through the cracks, though, you should be using the best antivirus software on your Windows PC or the best Mac antivirus software on your Apple computer. These security programs continually scan all of your existing files, and any new ones you try to download, for malware.

As for keeping your cryptocurrency transactions safe, it might be worth investing in one of the best laptops or even one of the best computers and using that machine solely for crypto. This might sound a bit drastic, but by keeping the rest of your online activity separate from your crypto transactions, you can avoid having your funds stolen by malware like MassJacker or by phishing attacks designed to steal your recovery phrase, which you should save the old-fashioned way on a piece of paper in a secure location as opposed to on your computer or in one of the best password managers.

Since recovering lost cryptocurrency is almost impossible, hackers will likely continue to target crypto users online. This is why you need to be extra careful and practice excellent cyber hygiene when dealing with digital currencies.
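The clipboard swap described above leaves a recognizable trace: a copied wallet address is overwritten by a different address of the same type almost immediately. The Python sketch below is an added example, not code from this article or from CyberArk's report; it flags that pattern in a timeline of clipboard changes. The function names, the 2-second window, the shape-only address patterns and the sample events are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Address *shapes* only (no checksum validation): enough to notice a swap.
PATTERNS = {
    "btc-legacy": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "btc-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def address_kind(text):
    """Return the coin type if the whole clipboard text is one address, else None."""
    candidate = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.fullmatch(candidate):
            return kind
    return None

@dataclass
class Swap:
    at: float
    kind: str
    copied: str
    replaced_with: str

def find_swaps(events, window=2.0):
    """events: (timestamp_seconds, clipboard_text) pairs in time order.
    Flags an address overwritten by a different address of the same kind
    within `window` seconds, i.e. faster than a person re-copies."""
    swaps, prev = [], None  # prev = (timestamp, kind, compare_key, address)
    for ts, text in events:
        kind = address_kind(text)
        if kind is None:
            prev = None
            continue
        addr = text.strip()
        key = addr.lower() if kind == "eth" else addr  # ETH hex is case-insensitive
        if prev and prev[1] == kind and prev[2] != key and ts - prev[0] <= window:
            swaps.append(Swap(ts, kind, prev[3], addr))
        prev = (ts, kind, key, addr)
    return swaps

# Constructed sample timeline; none of these are real wallet addresses.
USER_ETH, OTHER_ETH = "0x" + "a1" * 20, "0x" + "b2" * 20
USER_BTC = "1" + "Abc2" * 8
SAMPLE_EVENTS = [(0.0, "meeting notes"), (10.0, USER_ETH), (10.3, OTHER_ETH),
                 (60.0, USER_BTC), (300.0, "1" + "Xyz3" * 8)]

if __name__ == "__main__":
    for s in find_swaps(SAMPLE_EVENTS):
        print(f"t={s.at}s {s.kind}: {s.copied} replaced by {s.replaced_with}")
```

Only the second event pair is flagged; the Bitcoin address copied minutes after the previous one is treated as ordinary user activity.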

This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License
