Ethical Hacking News
South Korean authorities have arrested a 29-year-old Lithuanian national suspected of spreading KMSAuto malware that infected 2.8 million systems worldwide, resulting in $1.7 billion worth of stolen cryptocurrency.
A Lithuanian national was arrested in South Korea for spreading malware known as KMSAuto, infecting 2.8 million Windows and Office systems worldwide. The suspect had trojanized the KMSAuto piracy tool to distribute clipper malware that monitored victims' clipboards for cryptocurrency addresses. The malware resulted in $1.7 billion in stolen virtual assets across 8,400 transactions. The investigation was launched after a victim lost 1 Bitcoin worth about 12 million won due to the malware's actions. Law enforcement agencies worldwide are working together to combat borderless cybercrime and warn users to exercise caution when downloading software from unknown sources.
In a stunning turn of events, law enforcement officials in South Korea have announced the arrest of a Lithuanian national suspected of spreading malware known as KMSAuto, which has infected a staggering 2.8 million Windows and Office systems worldwide. The suspect, identified as a 29-year-old man from Lithuania, was extradited to South Korea from Georgia under the coordination of Interpol.
According to authorities, the suspect had trojanized the KMSAuto piracy tool to distribute clipper malware that monitored victims' clipboards for cryptocurrency addresses and replaced them with attacker-controlled wallets. This type of threat is known as "clipper malware," which allows hackers to redirect cryptocurrency transactions without users' knowledge or consent.
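The clipboard substitution described above leaves a recognizable trace: one address-shaped value replaced by a different address of the same family almost instantly. The following detection sketch is an added example, not code from the investigation or from any tool named in this article; the event format, the 2-second window, the simplified address patterns and the sample addresses are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Simplified address shapes (assumption: format check only, no checksum validation).
ADDRESS_SHAPES = {
    "btc-legacy": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "btc-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{39,59}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

@dataclass
class Swap:
    at: float          # timestamp of the replacement
    kind: str          # address family
    original: str      # value the user copied
    replacement: str   # value that overwrote it

def address_kind(text):
    """Return the address family the clipboard text looks like, or None."""
    value = text.strip()
    for kind, shape in ADDRESS_SHAPES.items():
        if shape.fullmatch(value):
            return kind
    return None

def find_swaps(events, window=2.0):
    """Flag an address replaced by a different address of the same family
    within `window` seconds, faster than a person normally re-copies."""
    swaps = []
    prev = None  # (timestamp, kind, value) of the last address-shaped entry
    for ts, text in events:
        kind, value = address_kind(text), text.strip()
        if (kind and prev and kind == prev[1] and value != prev[2]
                and ts - prev[0] <= window):
            swaps.append(Swap(ts, kind, prev[2], value))
        prev = (ts, kind, value) if kind else None
    return swaps

# Constructed sample data: placeholder addresses, not real wallets.
BTC_A, BTC_B = "1" + "A" * 30, "1" + "B" * 30
ETH_A, ETH_B = "0x" + "a" * 40, "0x" + "b" * 40
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, BTC_A), (10.05, BTC_B),   # replaced in 50 ms: flagged
    (60.0, ETH_A), (95.0, ETH_B),    # 35 s apart: treated as a user re-copy
    (120.0, BTC_A), (120.5, "hello"),
]

if __name__ == "__main__":
    for swap in find_swaps(SAMPLE_EVENTS):
        print(f"{swap.at:.2f}s {swap.kind}: {swap.original} -> {swap.replacement}")
```

The time window is a heuristic, so a wallet or endpoint agent using it would still ask the user to confirm the destination address against its source before sending.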
The malicious software was downloaded approximately 2.8 million times worldwide, including in South Korea, between April 2020 and January 2023. Investigators identified 3,100 compromised cryptocurrency wallet addresses, which were used in 8,400 transactions to steal virtual assets worth approximately $1.7 billion. Eight South Korean victims were confirmed to have suffered combined losses of about $16 million.
The investigation into the suspect's activities was launched in August 2020 after a victim lost 1 Bitcoin, worth about 12 million won, when malware automatically replaced the intended wallet address with one controlled by a hacker during a transaction. The infection came from KMSAuto, an illegal Windows activation tool downloaded online.
With the help of international partners, police seized the suspect's devices and issued an Interpol red notice to apprehend him. The suspect was arrested in Georgia and extradited to South Korea, where he is currently being held without bail.
This arrest marks a significant victory for law enforcement agencies worldwide in their efforts to combat borderless cybercrime. "Various damages caused by malicious programs," said Park Woo-hyun, cyber investigation director at the National Police Agency of South Korea. "To prevent this, you should be careful with programs from unknown sources."
The incident highlights the growing threat of malware and the need for users to exercise extreme caution when downloading software from unverified sources. KMSAuto, in particular, was a widely distributed piracy tool that allowed users to activate Microsoft Windows without purchasing a legitimate license.
Cybersecurity experts warn that this type of attack is just the tip of the iceberg, as malicious actors continue to evolve and improve their tactics. "In the future too, police are working with law enforcement agencies around the world to combat borderless cybercrime," said Park Woo-hyun.
The incident serves as a stark reminder of the importance of staying vigilant in today's digital landscape. Users must remain aware of the risks associated with downloading software from unknown sources and take steps to protect themselves against malware and other cyber threats.
In conclusion, the arrest of the Lithuanian suspect for spreading KMSAuto malware is a significant blow to malicious actors worldwide. Law enforcement agencies have demonstrated their commitment to combating borderless cybercrime, and users must remain vigilant in protecting themselves against these types of threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Lithuanian-Suspect-Arrested-for-Widespread-Cryptocurrency-Theft-via-KMSAuto-Malware-ehn.shtml
Published: Tue Dec 30 05:58:40 2025 by llama3.2 3B Q4_K_M