Hacker arrested for KMSAuto malware campaign with 2.8 million downloads

A Lithuanian national has been arrested for his alleged involvement in infecting 2.8 million systems with clipboard-stealing malware disguised as the KMSAuto tool for illegally activating Windows and Office software.

The 29-year-old man was extradited from Georgia to South Korea following a related request under Interpol’s coordination.

According to the Korean National Police Agency, the suspect used KMSAuto to lure victims into downloading a malicious executable that scanned the clipboard for cryptocurrency addresses and replaced them with ones controlled by the attacker – known as ‘clipper malware’.

According to the Korean National Police Agency, the suspect added malware to the KMSAuto tool that checked clipboard contents for cryptocurrency addresses and changed the destination address to one controlled by the attacker. This type of threat is known as clipper malware.

“From April 2020 to January 2023, the hacker distributed 2.8 million copies worldwide of malware disguised as an illegal Windows license activation program (KMSAuto),” the police say.

“Through this malware, the hacker stole digital assets worth approximately KRW 1.7 billion ($1.2 million) in 8,400 transactions from users of 3,100 digital asset addresses.”

The police started the investigation in August 2020, following a report about cryptojacking, where the victim’s system was infected by clipper malware, swapping the intended recipient’s wallet address to direct funds to the attacker.

Attack overview
Source: police.go.kr

The investigation uncovered a malware infection through the said KMSAuto tool. The clipper targeted at least six cryptocurrency exchanges, according to the investigators.

After tracing the stolen amounts and identifying the perpetrator, a raid took place in December 2024 in Lithuania, where 22 devices, including laptop computers and mobile phones, were confiscated.

Examination of the seized devices revealed incriminating evidence, eventually leading to the arrest of the hacker in April 2025, while he was traveling from Lithuania to Georgia.

The South Korean police remind the public that using illegal software that violates copyright is risky because such tools can introduce malware into the system.

This type of utility has often been used to distribute malware. Recently, cybercriminals impersonated the Microsoft Activation Scripts (MAS) tool to spread PowerShell scripts that delivered the Cosmali Loader malware.

It is recommended to avoid using unofficial software product activators and, more generally, any Windows executables that aren’t digitally signed and whose source or integrity cannot be validated.