Lithuanian National Arrested for Massive Crypto Clipboard Hijacking
A Lithuanian national has been arrested for his alleged involvement in infecting 2.8 million systems with clipboard-stealing malware disguised as the KMSAuto tool for illegally activating Windows and Office software.
The 29-year-old man was extradited from Georgia to south Korea following a request under Interpol’s coordination.
The Korean National Police Agency reports the suspect used KMSAuto to trick victims into downloading a malicious executable. This file scanned the clipboard for cryptocurrency addresses and replaced them with addresses controlled by the attacker – a tactic known as ‘clipper malware’.
The suspect modified the KMSAuto tool to check clipboard contents for cryptocurrency addresses and then swapped the destination address with one he controlled.This is a classic exmaple of clipper malware in action.
“From April 2020 to January 2023, the hacker distributed 2.8 million copies worldwide of malware disguised as an illegal Windows licensing tool,” stated the Korean National Police Agency.
Related reading
