Be Careful What You Search For—New Attack Could Cost You Dearly

Some cyber attacks begin with a dangerous email landing in your inbox. Others might take a more direct, brute force approach or exploit multiple zero-day vulnerabilities in Windows. Sometimes, however, they begin with you and your actions, such as the password reuse attack or, as in the case of MassJacker, greed that can cost you dearly. And MassJacker attacks begin with a search for the wrong thing.

I’m old enough to remember when pirated software, in particular Amiga games, was distributed on floppy disc through the postal service, in Jiffy bags, to people who had signed up with a cracking crew on one bulletin board or another. The practice was dangerous even then, with computer viruses and even the first ransomware coming along for the ride. Now, of course, things are much simpler for those who would save money on their software. All it takes is a search engine and a click to get to a website where you can download the booty. Simpler, but still dangerous. Such a search for pirated software is where the MassJacker attacks begin.

MassJacker is a previously unknown strain of cryptojacking malware, discovered recently by threat analysts at CyberArk. According to Ari Novick, a malware researcher at CyberArk Labs who authored a report into the threat, people searching for pirated software who find themselves at a site operated by the MassJacker threat actors will soon be in a whole heap of trouble.

The MassJacker malware download, should a victim take the bait, “executes a cmd script followed by a PowerShell script that downloads three more executables,” Novick said. All of this in order to pull off cryptocurrency theft. “Cryptojacking works,” Novick explained, “by replacing the addresses of crypto wallets copied by the user with ones belonging to the attacker in the clipboard.”

Through further tricking of the victim, this can then lead to money being transferred to the attacker’s address, and so into the attacker’s wallet. Novick warned that the CyberArk analysis had discovered at least 750,000 unique addresses being used by MassJacker, and that one of these wallets alone was worth $300,000.