This New Malware Targets Crypto Investors Globally! Here’s how you can discover it

New Delhi,UPDATED: 20 February 2023 19:30 IST

By Emerging Tech Team: The cryptoverse is no stranger to malware and cybercriminals targeting crypto users to steal their money. In a recent report by anti-malware software firm Malwarebytes, it has been found that a new strain of malware known as MortalKombat ransomware and a GO variant of the Laplas Clipper malware have been targeting crypto investors and scamming them out of their money.

The victims of this newly discovered threat are largely concentrated in the United States, with a small number of victims from the United Kingdom, earthquake-stricken Turkey, and the Philippines.

Malwarebytes’ threat intelligence team, Cisco Talos, said it had scanned the internet for such threats and also potential targets that had an exposed Remote Desktop Protocol (RDP) port 3389. This is a protocol that allows a user to connect to another user over the network using a graphical interface.

How do the attackers target people?

According to the research, the attack was initiated via a phishing email that led to a multi-stage attack chain. In this form of attack, the attackers pretend to be CoinPayments, a legitimate global payment gateway for cryptocurrency. In addition, the emails have a fake sender email, “noreply[at]Coin payments[.]net”, and the email subject “[CoinPayments[.]net]Timeout for payment.”

How Mortalkombat ransomware attacks the system. (Photo: talosintelligence.com)

After this, a ZIP file is attached with a file name similar to the transaction ID mentioned in the email body. The recipient of the email (expecting a reward) opens the ZIP file and sees the contents of the file. This leads to the malicious program entering the users’ system and then exploiting vulnerabilities.

After this, when a user tries to send crypto to an exchange or another user, the ransomware redirects the money to the attacker’s wallet without notifying the users.

“The loader script will run the dropped payload as a process on the victim’s machine, then delete the downloaded and dropped malicious files to clean up the infection markers,” the report further added.

The threat is not dead

The research firm also notes that most of the attacks were carried out using phishing emails and impersonating well-known crypto payment platforms. In the past, there have been cases where some users have been inadvertently sent crypto by top crypto exchanges, and this acts as a major trigger point in this type of scam.

Although it has been reported that the revenue generated by crypto scams has fallen by over 45 percent in the past year, it is still not a safe ecosystem for crypto investors who are duped by such scams.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *