Lithuanian National Arrested for KMSAuto Clipper Malware Campaign

First reported

29.12.2025 21:25

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

A Lithuanian national has been arrested for distributing KMSAuto malware, which infected 2.8 million systems worldwide. The malware, disguised as a tool for illegally activating Windows and Office software, stole approximately $1.2 million in cryptocurrency by replacing clipboard addresses. The suspect was extradited from Georgia to South Korea following an Interpol-coordinated investigation. The malware campaign targeted at least six cryptocurrency exchanges and operated from April 2020 to January 2023. The investigation began in August 2020 after a report of cryptojacking involving clipper malware. A raid in Lithuania in December 2024 led to the suspect's arrest in April 2025.

Timeline

29.12.2025 21:25 1 articles · 23h ago

Lithuanian National Arrested for KMSAuto Clipper Malware Campaign
A Lithuanian national was arrested for distributing KMSAuto malware, which infected 2.8 million systems worldwide. The malware stole approximately $1.2 million in cryptocurrency by replacing clipboard addresses. The suspect was extradited from Georgia to South Korea following an Interpol-coordinated investigation. The campaign targeted at least six cryptocurrency exchanges and operated from April 2020 to January 2023. The investigation began in August 2020 after a report of cryptojacking, leading to the suspect's arrest in April 2025.
Show sources

Hacker arrested for KMSAuto malware campaign with 2.8 million downloads — www.bleepingcomputer.com — 29.12.2025 21:25
Open in new tab

Information Snippets

The suspect distributed 2.8 million copies of KMSAuto malware worldwide from April 2020 to January 2023.
First reported: 29.12.2025 21:25

1 source, 1 article
Show sources
- Hacker arrested for KMSAuto malware campaign with 2.8 million downloads — www.bleepingcomputer.com — 29.12.2025 21:25
The malware stole approximately $1.2 million in cryptocurrency through 8,400 transactions from 3,100 virtual asset addresses.
First reported: 29.12.2025 21:25

1 source, 1 article
Show sources
- Hacker arrested for KMSAuto malware campaign with 2.8 million downloads — www.bleepingcomputer.com — 29.12.2025 21:25
The investigation began in August 2020 after a report of cryptojacking involving clipper malware.
First reported: 29.12.2025 21:25

1 source, 1 article
Show sources
- Hacker arrested for KMSAuto malware campaign with 2.8 million downloads — www.bleepingcomputer.com — 29.12.2025 21:25
The raid in Lithuania in December 2024 confiscated 22 items, including laptops and mobile phones.
First reported: 29.12.2025 21:25

1 source, 1 article
Show sources
- Hacker arrested for KMSAuto malware campaign with 2.8 million downloads — www.bleepingcomputer.com — 29.12.2025 21:25
The suspect was arrested in April 2025 while traveling from Lithuania to Georgia.
First reported: 29.12.2025 21:25

1 source, 1 article
Show sources
- Hacker arrested for KMSAuto malware campaign with 2.8 million downloads — www.bleepingcomputer.com — 29.12.2025 21:25