A newly discovered cryptojacking malware called MassJacker is infiltrating the devices of piracy users and hijacking cryptocurrency transactions. According to cybersecurity firm CyberArk, the malware replaces copied crypto wallet addresses with those controlled by attackers, leading to potential fund losses for unsuspecting victims.

The malware spreads through the website pesktop[dot]com, a known source for pirated software. Users downloading from the site unknowingly install MassJacker, which then lurks in the background, waiting to swap crypto addresses stored on their clipboard. The goal? Redirect funds meant for legitimate wallets to hacker-controlled accounts.

CyberArk’s investigation linked the malware to 778,531 unique wallets, though only 423 wallets were found to contain crypto at some point. The estimated total stolen stands at $336,700 as of August, but experts warn the real figure could be higher. One particularly active hacker wallet held 600+ Solana (SOL), worth around $87,000, and showed involvement in NFT collections like Gorilla Reborn and Susanoo.

The attack method used by MassJacker, known as a “clipper” attack, is a stealthy yet highly effective approach. Unlike ransomware, which locks users out of their devices, clippers discreetly alter clipboard data, making them difficult to detect.

Crypto-stealing malware has evolved over the years, targeting various operating systems and even app-making kits. In a growing trend, hackers use fake job interviews to trick victims into installing malicious software under the guise of fixing technical issues.

As crypto adoption rises, so does the sophistication of cyber threats. Experts urge users to download software only from trusted sources and double-check wallet addresses before transactions to avoid falling victim to these silent but devastating attacks.