Crypto investors under attack by two new malware strains, reveals Cisco Talos

Researchers at Cisco Talos have identified two new forms of malware, distributed by as-yet unidentified actors, that are actively targeting crypto investors on desktop systems.

Since December 2022, the two threats in question, the MortalKombat ransomware and the Laplas Clipper malware, have been deployed against unsuspecting investors to steal cryptocurrency, Cisco's threat intelligence research group Talos reported. The victims of this campaign are predominantly in the United States, with smaller percentages in the UK, Turkey and the Philippines, as shown below.

Victimology of a malicious campaign. Source: Cisco Talos

The clipper half of the pairing monitors the user's clipboard, which typically holds a string of letters and digits the user has just copied. When the infection detects a cryptocurrency wallet address on the clipboard, it silently replaces it with a different, attacker-controlled address.

The attack relies on the victim not re-checking the destination wallet address before confirming the transaction, so the funds are sent to an unidentified attacker. The campaign has no obvious specific target: victims include individuals as well as small and large organizations.
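The clipboard swap described above, as an added Python example that is not code from the Talos report or from either malware family: it models the clipper's match-and-replace step against constructed sample clipboard contents, and shows the one check that defeats it, comparing what was copied with what actually lands in the recipient field. The address patterns, the attacker addresses and the sample inputs are all assumptions made for this illustration (the Bitcoin and Ethereum addresses are well-known documentation examples, not addresses from the campaign).

```python
import re

# Constructed attacker-controlled addresses for the simulation (assumption,
# not taken from the Talos report). The BTC one is the BIP173 example address.
ATTACKER_ADDRESSES = {
    "btc": "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq",
    "eth": "0x000000000000000000000000000000000000dead",
}

# Loose patterns for the two address formats this simulation recognises:
# Bitcoin (legacy base58 or bech32) and Ethereum (0x + 40 hex digits).
# A real clipper typically carries many more patterns, one per chain.
WALLET_PATTERNS = {
    "btc": re.compile(r"(?:bc1[ac-hj-np-z02-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}


def classify_address(text):
    """Return 'btc', 'eth' or None depending on whether text looks like a wallet address."""
    s = text.strip()
    for kind, pattern in WALLET_PATTERNS.items():
        if pattern.fullmatch(s):
            return kind
    return None


def clipper_swap(clipboard_text, attacker=ATTACKER_ADDRESSES):
    """Model the clipper's behaviour: a wallet address on the clipboard is replaced
    by the attacker's address of the same type; anything else is left untouched,
    which is what keeps the infection unnoticed during normal copy/paste use."""
    kind = classify_address(clipboard_text)
    if kind is None:
        return clipboard_text
    return attacker[kind]


def paste_is_tampered(copied, pasted):
    """Defensive check: the address the user copied must match, byte for byte,
    the address that ends up in the recipient field. Any mismatch means a swap."""
    return copied.strip() != pasted.strip()


def simulate(clipboard_entries):
    """Run each constructed clipboard entry through the clipper and report
    (original, pasted, tampered) so the swap is visible side by side."""
    results = []
    for copied in clipboard_entries:
        pasted = clipper_swap(copied)
        results.append((copied, pasted, paste_is_tampered(copied, pasted)))
    return results


if __name__ == "__main__":
    # Constructed sample clipboard contents: two documentation-example
    # addresses (legacy BTC, ETH) and one line of ordinary text.
    samples = [
        "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2",
        "0x742d35Cc6634C0532925a3b844Bc454e4438f44e",
        "please send 0.5 BTC to the address below",
    ]
    for copied, pasted, tampered in simulate(samples):
        print(f"copied: {copied}\npasted: {pasted}\ntampered: {tampered}\n")
```

The practical takeaway is the last function: a wallet or exchange front end that re-reads the clipboard and compares it with the field contents (or a user who compares the first and last characters by eye) catches the swap, because the clipper can only win if nobody looks at the destination address twice.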

Ransom notes shared by the MortalKombat ransomware. Source: Cisco Talos

Once a machine is infected, the MortalKombat ransomware encrypts the user's files and drops a ransom note with payment instructions, shown above. Regarding the download URLs associated with the campaign, the Talos report states:

“One of them reaches the attacker-controlled server at IP address 193[.]169[.]255[.]78 based in Poland to download the MortalKombat ransomware. According to Talos’s analysis, 193[.]169[.]255[.]78 launches an RDP crawler that scans the Internet for the insecure RDP port 3389.”

As Talos explains, the campaign begins with a cryptocurrency-themed email carrying a malicious attachment. When opened, the attachment launches a BAT file that downloads and runs the ransomware.

Early detection of such malware lets investors head off the attack before it affects their finances. As always, Cryptooshala advises investors to exercise due diligence before investing and to rely on official sources for reports. See this Cryptooshala magazine article to learn how to secure crypto assets.


Meanwhile, as more ransomware victims refuse to pay, ransomware attackers' revenue fell 40% to $456.8 million in 2022.

The total amount extorted by ransomware attackers between 2017 and 2022. Source: Chainalysis

In disclosing the figures, Chainalysis noted that they do not necessarily mean the number of attacks fell compared with the previous year.
