VERY IMPORTANT

Researchers discovered a new malware, which we named “OpcJacker” (due to its opcode configuration design and its cryptocurrency hijacking ability), that has been distributed in the wild since the second half of 2022. OpcJacker is an interesting piece of malware, since its configuration file uses a custom file format to define the stealer’s behavior. Specifically, the format resembles custom virtual machine code, where numeric hexadecimal identifiers present in the configuration file make the stealer run desired functions. The purpose of using such a design is likely to make understanding and analyzing the malware’s code flow more difficult for researchers.