Arrest of hacker who infected 2.8 million and stole $1.26 million
TL;DR
A 29-year-old man from Lithuania was arrested for allegedly propagating malware based on KMSAuto, often used for illegal activation of Microsoft Office 2019, compromising around 2.8 million operating systems to steal banking information and cryptocurrency wallet addresses.
A 29-year-old man from Lithuania was arrested for his alleged involvement in the propagation of malware based on KMSAuto, a tool often used for illegal activation of Microsoft Office 2019. The accused is believed to have compromised approximately 2.8 million operating systems, aiming to steal banking information and cryptocurrency wallet addresses.
The suspect's arrest occurred after his extradition from Georgia to South Korea, facilitated by Interpol. According to the National Police Agency of Korea, he adapted the piracy tool to create a trojan, which presented itself as a conventional executable but actually monitored the victims' transactions to replace cryptocurrency addresses with those controlled by the hacker.
This technique allowed the criminal to redirect transactions without the users' consent, causing significant financial losses.
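The article describes the mechanism only in outline: a clipper watches for a wallet address in the clipboard and substitutes one the attacker controls, so the user pastes and confirms a destination they never chose. Because the substituted address is itself well-formed, a format check alone does not catch it; what catches it is comparing the address actually about to be used against the one the user intended. The following is an added illustration of that defensive check, not code from the article, the investigation or the malware. It implements Base58Check (the encoding of legacy Bitcoin addresses) from scratch so it runs offline, and all sample data is constructed: the genesis-block address is a public, well-known string, the "attacker" address is derived from a made-up hash, and the clipboard events are invented.

```python
import hashlib
from typing import List, Optional, Tuple

# Base58 alphabet used by legacy (P2PKH/P2SH) Bitcoin addresses.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _sha256d(data: bytes) -> bytes:
    """Double SHA-256, as used for the Base58Check checksum."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def base58check_encode(payload: bytes) -> str:
    """Encode version byte + hash into a Base58Check address string."""
    data = payload + _sha256d(payload)[:4]
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    # Each leading zero byte is represented by a leading '1'.
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def base58check_decode(addr: str) -> Optional[bytes]:
    """Return the payload if addr is a well-formed Base58Check string, else None."""
    n = 0
    for ch in addr:
        idx = ALPHABET.find(ch)
        if idx < 0:
            return None  # character outside the alphabet
        n = n * 58 + idx
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(addr) - len(addr.lstrip("1"))
    data = b"\x00" * pad + raw
    if len(data) < 5:
        return None
    payload, checksum = data[:-4], data[-4:]
    return payload if _sha256d(payload)[:4] == checksum else None


def check_destination(intended: str, clipboard: str) -> str:
    """Classify the address about to be used against the one the user chose.

    'ok'       - clipboard matches the intended address
    'invalid'  - clipboard fails Base58Check (corruption, not a clipper)
    'mismatch' - a *valid* but different address: the clipper signature
    """
    if base58check_decode(clipboard) is None:
        return "invalid"
    if clipboard != intended:
        return "mismatch"
    return "ok"


# Constructed sample data for the demonstration.
# Well-known public address from Bitcoin's genesis block.
GENESIS_ADDR = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
# A syntactically valid address built from a made-up hash160 (all 0x11 bytes),
# standing in for an attacker-controlled destination (hypothetical).
ATTACKER_ADDR = base58check_encode(b"\x00" + b"\x11" * 20)
# The genesis address with its last character altered: a checksum failure.
CORRUPTED_ADDR = GENESIS_ADDR[:-1] + "b"

# Constructed (intended, observed-in-clipboard) pairs, as a wallet wrapper
# that records both values at paste time might log them.
CLIPBOARD_EVENTS: List[Tuple[str, str]] = [
    (GENESIS_ADDR, GENESIS_ADDR),
    (GENESIS_ADDR, ATTACKER_ADDR),
    (GENESIS_ADDR, CORRUPTED_ADDR),
]


def audit(events: List[Tuple[str, str]]) -> List[str]:
    """Run the check over every event; return the list of verdicts."""
    return [check_destination(intended, seen) for intended, seen in events]


if __name__ == "__main__":
    for (intended, seen), verdict in zip(CLIPBOARD_EVENTS, audit(CLIPBOARD_EVENTS)):
        print(f"{verdict:8s} intended={intended} seen={seen}")
```

The point of the three verdicts is that only the second one indicates tampering: the attacker's address decodes cleanly, so a wallet that merely validates the pasted string accepts it. The check has to hold the intended address from a trusted channel (an address book entry, a QR scan, the recipient read back out of band) and compare it byte for byte with what lands in the transaction.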
Loss of $1.26 million over three years
Between 2020 and 2023, the malware was downloaded approximately 2.8 million times worldwide. The malware, of a type known as a clipper, intercepted and replaced wallet addresses during transactions, facilitating the misappropriation of about 1.7 billion won, representing approximately $1.26 million, through 8,400 transactions involving 3,100 different wallets.
Additionally, eight victims in South Korea reported losses totaling 16 million won due to this malicious software.
How the investigation led to the criminal's arrest
The investigation began in August 2020 after a victim reported to the police the loss of 1 Bitcoin, valued at around $10,000 at the time. The investigation revealed that the malware swapped the wallet address during transactions, allowing funds to be diverted to accounts controlled by the hacker.
Investigators identified a large-scale criminal operation affecting exchanges and businesses in at least six countries, tracing illicit cryptocurrency flows that led to the identification of the Lithuanian criminal.
After seizing devices from the suspect, the police issued an Interpol red notice, resulting in his capture in Georgia.
The director of cyber investigation at the National Police Agency, Park Woo-hyun, warned about the dangers of malicious software and emphasized the need for vigilance regarding programs from unknown sources. "In the future, the police will continue to collaborate with international law enforcement agencies to combat cybercrime, taking a stringent approach, including repatriation of those responsible," he stated.
Content selected and edited with AI assistance. Original sources referenced above.