Cybersecurity specialists have uncovered OpcJacker, a new malware strain that has been targeting cryptocurrency users since mid-2022.
This malicious software spreads via counterfeit VPN services and uses a unique configuration approach to make analyzing its code flow challenging for experts.
The malware's primary functions include recording user input, capturing screenshots, stealing sensitive browser data, loading extra modules and swapping cryptocurrency addresses in the clipboard to hijack transactions. Researchers have observed that the malware is disseminated through various schemes, including those that disguise it as cryptocurrency-related applications or legitimate software.
Earlier this year, fraudulent ads aimed at Iranian users impersonated legitimate VPN services. Victims were deceived into downloading a malware-infected archive file by being redirected to a compromised website.
This library assembles and executes shellcode responsible for loading and running the malware from data chunks stored in different file formats.
The loader, which has been active for over a year, underwent minor modifications before incorporating an entirely new payload consisting of data-stealing and hijacking capabilities.
Users are advised to be cautious when downloading VPN services or cryptocurrency-related applications from unfamiliar websites.