Nowadays, everyone knows the risks of downloading pirated software—just look at all the memes about Limewire destroying computers. Yet, people still download these programs, only to find their computers infected with malware.
In this talk, we’ll explore an exciting case of a previously unknown malware called MassJacker, found on a pirated software site. MassJacker is a heavily protected cryptojacking malware that uses a wide range of advanced anti-analysis techniques. As we go over the techniques, we’ll show how some of the code used to implement the techniques suggests a connection to another malware known as MassLogger.
Once we’re done exploring the anti-analysis techniques used to protect MassJacker, we’ll look at the malware and the wallets it used. In addition, we’ll see how a flaw in the malware’s use of AES encryption allowed us to recover crypto-wallets from previous campaigns totaling 778,531 unique addresses, with one worth over $300,000!