Crypto investors under attack by two new malware, reveals Cisco Talos
Since December 2022, the two malicious files, MortalKombat ransomware and Laplas Clipper malware, have been actively scouting the internet and stealing cryptocurrencies from unwary investors.
Anti-malware software firm Malwarebytes highlighted two new malicious computer programs, propagated by unknown sources, that are actively targeting crypto investors in a desktop environment.
Since December 2022, the two malicious files in question, MortalKombat ransomware and Laplas Clipper malware, have been actively scouting the internet and stealing cryptocurrencies from unwary investors, revealed the threat intelligence research team Cisco Talos. The campaign's victims are predominantly located in the United States, with a smaller percentage of victims in the United Kingdom, Turkey and the Philippines, as shown below.
Victimology of the malicious campaign. Source: Cisco Talos
The two malicious programs work in partnership to swipe information stored in the user's clipboard, which is usually a string of letters and numbers copied by the user. The infection then detects wallet addresses copied onto the clipboard and replaces them with a different address.
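A defender-side check for the clipboard swap described above, as an added example that is not from Cointelegraph, Malwarebytes or Cisco Talos: it scans time-ordered clipboard snapshots and flags a wallet address that is replaced by a different one within a short window. The simplified address patterns, the two-second window and the sample values are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Simplified address shapes (assumption: illustrative, not full validators).
ADDRESS_PATTERNS = {
    "bitcoin-legacy": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "bitcoin-bech32": re.compile(r"bc1[ac-hj-np-z02-9]{11,71}"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
}


def address_family(text):
    """Return the address family the clipboard text looks like, or None."""
    candidate = text.strip()
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return family
    return None


@dataclass
class SwapAlert:
    at: float      # time the replacement value was observed
    copied: str    # address the user put on the clipboard
    found: str     # different address seen shortly afterwards


def find_swaps(snapshots, window=2.0):
    """Flag address -> different-address changes that happen within `window` seconds.

    snapshots: iterable of (timestamp_seconds, clipboard_text), in time order.
    Assumption: a person rarely copies two different wallet addresses within
    a couple of seconds, so such a change deserves a warning before pasting.
    """
    alerts = []
    previous = None  # (timestamp, stripped text, family) of the last snapshot
    for ts, text in snapshots:
        value, family = text.strip(), address_family(text)
        if previous and family and previous[2]:
            if value != previous[1] and ts - previous[0] <= window:
                alerts.append(SwapAlert(at=ts, copied=previous[1], found=value))
        previous = (ts, value, family)
    return alerts


# Constructed sample data: these are not real wallet addresses.
ADDR_USER = "0x" + "11" * 20
ADDR_OTHER = "0x" + "ee" * 20
SAMPLE = [(0.0, "meeting notes"), (10.0, ADDR_USER), (10.4, ADDR_OTHER),
          (60.0, ADDR_USER), (200.0, "1" + "A" * 33)]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(f"t={alert.at}: copied {alert.copied} but clipboard holds {alert.found}")
```

A slow change, such as the one at t=60.0 in the sample, is not flagged, so the window trades missed detections against false alarms.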
The attack relies on the user's inattentiveness to the sender's wallet address, which would send the cryptocurrencies to the unidentified attacker. With no obvious target, the attack spans individuals and small and large organizations.
Ransom notes shared by MortalKombat ransomware. Source: Cisco Talos
Once infected, the MortalKombat ransomware encrypts the user's files and drops a ransom note with payment instructions, as shown above. Revealing the download links (URLs) associated with the attack campaign, Talos' report stated:
"One of them reaches an attacker-controlled server via IP address 193[.]169[.]255[.]78, based in Poland, to download the MortalKombat ransomware. According to Talos' analysis, 193[.]169[.]255[.]78 is running an RDP crawler, scanning the internet for exposed RDP port 3389."
As explained by Malwarebytes, the tag-team campaign starts with a cryptocurrency-themed email containing a malicious attachment. The attachment runs a BAT file that helps download and execute the ransomware when opened.
Thanks to the early detection of malicious software with high potential, investors can proactively prevent this attack from impacting their financial well-being. As always, Cointelegraph advises investors to perform extensive due diligence before investing, while verifying that communications come from an official source. Check out this Cointelegraph Magazine article to learn how to keep crypto assets safe.
On the flip side, as ransomware victims continue to refuse extortion demands, ransomware revenues for attackers plummeted 40% to $456.8 million in 2022.
Total value extorted by ransomware attackers between 2017 and 2022. Source: Chainalysis
While revealing the information, Chainalysis noted that the figures don't necessarily mean the number of attacks is down from the previous year.