A Lithuanian national has been arrested for his alleged involvement in infecting 2.8 million systems with clipboard-stealing malware disguised as the KMSAuto tool for illegally activating Windows and Office software.
The 29-year-old man was extradited from Georgia to South Korea following a related request under Interpol’s coordination.
According to the Korean National Police Agency, the suspect used KMSAuto to lure victims into downloading a malicious executable that scanned the clipboard for cryptocurrency addresses and replaced them with ones controlled by the attacker - known as 'clipper malware'.
"From April 2020 to January 2023, the hacker distributed 2.8 million copies worldwide of malware disguised as an illegal Windows license activation program (KMSAuto)," the police say.
"Through this malware, the hacker stole virtual assets worth approximately KRW 1.7 billion ($1.2 million) in 8,400 transactions from users of 3,100 virtual asset addresses."
The police started the investigation in August 2020, following a report about cryptojacking, where the victim’s system was infected by clipper malware, swapping the intended recipient’s wallet address to direct payments to the attacker.
Attack overview (figure). Source: policial.go.kr
The investigation uncovered a malware infection through the KMSAuto tool. According to the investigators, the clipper targeted at least six cryptocurrency exchanges.
After tracing the stolen amounts and identifying the perpetrator, a raid occurred in December 2024 in Lithuania, where 22 items, including laptop computers and mobile phones, were confiscated.
Examination of the seized items revealed incriminating evidence, eventually leading to the arrest of the hacker in April 2025, while he was traveling from Lithuania to Georgia.
The South Korean police remind the public that using illegal software that violates copyright is risky because such tools can introduce malware into the system.
This type of utility has often been used to distribute malware. Recently, cybercriminals impersonated the Microsoft Activation Scripts (MAS) tool to spread PowerShell scripts that delivered the Cosmali Loader malware.
It is recommended to avoid using unofficial software product activators and, more generally, any Windows executables that aren’t digitally signed and whose source or integrity cannot be validated.