Crypto investors under attack by two new malware, Cisco Talos reveals

Anti-malware vendor Malwarebytes has highlighted two new strains of malicious software, spread by as-yet unidentified sources, that actively target crypto investors on desktop systems.

Since December 2022, the two malicious programs – the MortalKombat ransomware and the Laplas Clipper malware – have been circulating on the Internet to steal cryptocurrency from unwary investors, the Cisco Talos threat intelligence research team revealed. The victims of this campaign are mainly located in the United States, with smaller shares of victims in the United Kingdom, Turkey and the Philippines, as shown below.

Victimology of the malicious campaign. Source: Cisco Talos

The two pieces of malware work in concert: the clipper watches the information stored on the user’s clipboard, which is usually a string of letters and numbers the user has copied. When it detects a wallet address on the clipboard, it replaces it with a different address.

The attack relies on the user not noticing that the pasted wallet address has changed, so the cryptocurrency is sent to the unidentified attacker instead. With no specific target, the attack spans individuals as well as small and large organizations.
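As an added illustration of the clipboard-swap behaviour described above (example code written for this article, not tooling from Cisco Talos or Malwarebytes), the following defender-side check walks a timeline of clipboard contents and flags a wallet address that was replaced by a different address of the same type without the user having copied anything. The address patterns, the sample timeline and the copy markers are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Loose syntactic patterns for common wallet-address formats (constructed for
# this example; they check shape only, not checksums).
ADDRESS_PATTERNS = {
    "btc-base58": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify_address(text: str):
    """Return the address type of `text`, or None if it does not look like one."""
    text = text.strip()
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return name
    return None


@dataclass
class Alert:
    index: int      # position in the snapshot sequence where the swap appeared
    kind: str       # address type that was swapped
    original: str   # address the user actually copied
    replaced: str   # address that silently took its place


def detect_clipboard_swaps(snapshots, copies):
    """Flag clipboard changes that look like a clipper swapping a wallet address.

    `snapshots` is the clipboard content sampled over time; `copies` is the set
    of snapshot indices at which the user really issued a copy. A change that is
    not explained by a user copy and that replaces one wallet address with a
    different address of the same type matches the clipper behaviour above.
    """
    alerts = []
    for i in range(1, len(snapshots)):
        prev, curr = snapshots[i - 1], snapshots[i]
        if prev == curr or i in copies:
            continue
        kind = classify_address(prev)
        if kind is not None and classify_address(curr) == kind:
            alerts.append(Alert(i, kind, prev, curr))
    return alerts


# Constructed timeline: the user copies a BTC address at step 1; at step 2 the
# clipboard changes to another BTC address although no copy was issued.
SAMPLE_SNAPSHOTS = [
    "meeting notes",
    "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq",
    "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4",
    "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4",
]
SAMPLE_COPIES = {1}
```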

Ransom notes shared by MortalKombat ransomware. Source: Cisco Talos

Once infected, MortalKombat ransomware encrypts the user’s files and drops a ransom note with payment instructions, as shown above. Talos’ report revealed the download links (URLs) associated with the attack campaign:

“One of them reaches an attacker-controlled server via IP address 193[.]169[.]255[.]78, based in Poland, to download MortalKombat ransomware. According to Talos’ analysis, 193[.]169[.]255[.]78 runs an RDP crawler that scans the Internet for exposed RDP port 3389.”

As explained by Malwarebytes, the “tag-team campaign” begins with a cryptocurrency-themed email carrying a malicious attachment. When opened, the attachment runs a BAT file that downloads and launches the ransomware.

Thanks to the early detection of this potentially damaging malware, investors can take steps to protect their finances before the campaign affects them. As always, Cointelegraph advises investors to perform extensive due diligence before investing and, at the same time, to verify the official sources of communication they rely on. Check out this Cointelegraph Magazine article to learn how to keep your crypto assets safe.

Related: The US Department of Justice seizes the website of the prolific ransomware gang Hive

On the flip side, as ransom victims continue to reject extortion demands, ransom revenue for attackers fell 40% to $456.8 million in 2022.

Total value extorted by ransomware attackers between 2017 and 2022. Source: Chainalysis

While disclosing the information, Chainalysis noted that the numbers do not necessarily mean that the number of attacks has decreased from the previous year.
