Korean police arrest Lithuanian KMSAuto malware suspect
Law Enforcement
Summary
Hide ▲
Show ▼
South Korean police arrested a Lithuanian national in a KMSAuto malware case, escalating a cross-border probe into clipboard-stealing attacks and crypto theft. Investigators say the malware was disguised as an illegal Windows and Office activator and was used to infect 2.8 million systems. The arrest matters because the alleged operation reached virtual-asset users and caused about KRW 1.7 billion ($1.2 million) in losses.
Related Happenings
Microsoft civil action against Fox Tempest infrastructure takedown
Regulatory/Legal Action
First: 19.05.2026 18:00
Last: 19.05.2026 18:00
Sources 1
About this happening:
Microsoft filed a **civil action** against **Fox Tempest** in the **US District Court for the Southern District of New York**, securing a **court order** that enabled a broad disr...
Microsoft civil action against Fox Tempest infrastructure takedown
Regulatory/Legal ActionAbout this happening: Microsoft filed a **civil action** against **Fox Tempest** in the **US District Court for the Southern District of New York**, securing a **court order** that enabled a broad disr...
Interpol Operation Ramz cybercrime crackdown in MENA
Law Enforcement
First: 18.05.2026 17:00
Last: 18.05.2026 17:00
Sources 1
About this happening:
**INTERPOL**'s **Operation Ramz** led to **more than 200 arrests** across the **Middle East and North Africa**, with law enforcement also identifying **382 additional suspects** i...
Interpol Operation Ramz cybercrime crackdown in MENA
Law EnforcementAbout this happening: **INTERPOL**'s **Operation Ramz** led to **more than 200 arrests** across the **Middle East and North Africa**, with law enforcement also identifying **382 additional suspects** i...
Oleg Evgenievich Nefedov wanted listing in Black Basta case
Law Enforcement
First: 16.01.2026 21:00
Last: 16.01.2026 21:00
Sources 1
About this happening:
Authorities seized digital storage devices and cryptocurrency assets in raids against the **Black Basta** ransomware network, deepening a cross-border case against its leadership...
Oleg Evgenievich Nefedov wanted listing in Black Basta case
Law EnforcementAbout this happening: Authorities seized digital storage devices and cryptocurrency assets in raids against the **Black Basta** ransomware network, deepening a cross-border case against its leadership...
KMSAuto-disguised clipper malware distribution
Malware Activity
First: 29.12.2025 21:25
Last: 29.12.2025 21:25
Sources 1
How related:
From April 2020 to January 2023, the hacker distributed 2.8 million copies worldwide of malware disguised as an illegal Windows license activation program (KMSAuto),
About this happening:
The **KMSAuto-disguised clipper malware** spread through **2.8 million copies** worldwide, silently replacing cryptocurrency wallet addresses and driving theft from virtual-asset...
KMSAuto-disguised clipper malware distribution
Malware ActivityHow related: From April 2020 to January 2023, the hacker distributed 2.8 million copies worldwide of malware disguised as an illegal Windows license activation program (KMSAuto),
About this happening: The **KMSAuto-disguised clipper malware** spread through **2.8 million copies** worldwide, silently replacing cryptocurrency wallet addresses and driving theft from virtual-asset...
Interpol Operation Sentinel cybercrime arrests
Law Enforcement
First: 22.12.2025 20:38
Last: 22.12.2025 20:38
Sources 1
About this happening:
**Interpol** coordinated **Operation Sentinel**, and law enforcement **arrested 574 individuals** in a **cross-border cybercrime crackdown** tied to **business email compromise, e...
Interpol Operation Sentinel cybercrime arrests
Law EnforcementAbout this happening: **Interpol** coordinated **Operation Sentinel**, and law enforcement **arrested 574 individuals** in a **cross-border cybercrime crackdown** tied to **business email compromise, e...
Timeline
-
29.12.2025 21:25 2 articles · 4mo ago
Initial report: Korean police arrest Lithuanian KMSAuto malware suspect
Initial DisclosureThe case began in **August 2020** after a report of **clipper malware** swapping cryptocurrency wallet addresses, launching an investigation that later connected the activity to a cross-border suspect and arrest.
Show sources
- Hacker arrested for KMSAuto malware campaign with 2.8 million downloads — www.bleepingcomputer.com — 29.12.2025 21:25
- Hacker arrested for KMSAuto malware campaign with 2.8 million downloads — www.bleepingcomputer.com — 29.12.2025 21:25