Crypto-Stealing OpcJacker Malware Targets Users with Fake VPN Service
A piece of new information-stealing malware called OpcJacker has been spotted in the wild since the second half of 2022 as part of a malvertising campaign.
"OpcJacker's main functions include keylogging, taking screenshots, stealing sensitive data from browsers, loading additional modules, and replacing cryptocurrency addresses in the clipboard for hijacking purposes," Trend Micro researchers Jaromir Horejsi and Joseph C. Chen said.
The February 2023 campaign specifically singled out users in Iran under the pretext of offering a VPN service.
OpcJacker is concealed using a crypter known as Babadeda and makes use of a configuration file to activate its data harvesting functions.
Given the malware's ability to steal crypto funds from wallets, the campaigns are suspected to be financially motivated.
NullMixer also stands out for simultaneously dropping a wide variety of off-the-shelf malware, including PseudoManuscrypt, Raccoon Stealer, GCleaner, Fabookie, and a new malware loader referred to as Crashtech Loader, leading to large-scale infections.
News URL
https://thehackernews.com/2023/04/crypto-stealing-opcjacker-malware.html