Crypto investors under attack by two new malware, reveals Cisco Talos

Published at: Feb. 18, 2023

Anti-malware software provider Malwarebytes highlighted two new malicious programs, propagated by unknown sources, that are actively targeting crypto investors in desktop environments.

Since December 2022, the two malicious files in question, MortalKombat ransomware and Laplas Clipper malware, have been actively scouting the internet to steal cryptocurrencies from unwary investors, according to the threat intelligence research team Cisco Talos. The victims of this campaign are predominantly located in the United States, with a smaller percentage of victims in the United Kingdom, Turkey, and the Philippines, as shown below.

The two programs work in partnership to swipe information stored in the user’s clipboard, which is usually a string of letters and numbers copied by the user. The infection then detects wallet addresses copied onto the clipboard and replaces them with a different address.

The attack relies on the user’s inattentiveness to the wallet address used in the transaction, which results in the cryptocurrencies being sent to the unidentified attacker. With no obvious target, the attack spans individuals and small and large organizations.
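The clipboard substitution described above can be caught by watching for one wallet address being replaced by a different address of the same type within a moment of the copy. The following is an added example, not code from Talos, Malwarebytes or the article: the regular expressions check address shape only (no checksum), the two-second window is an assumed threshold, and all addresses and snapshots are constructed sample data.

```python
import re

# Shape-only patterns (assumption: no checksum validation is attempted).
PATTERNS = {
    "bitcoin-legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "bitcoin-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{39,59}$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text):
    """Return the wallet-address type the text looks like, or None."""
    text = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.match(text):
            return kind
    return None

def find_swaps(snapshots, max_gap=2.0):
    """Flag clipboard changes where one address is replaced by a different
    address of the same type within max_gap seconds of the original copy.
    snapshots: list of (timestamp_seconds, clipboard_text), oldest first."""
    alerts = []
    prev = None  # (time, kind, text) of the last address seen on the clipboard
    for ts, text in snapshots:
        text = text.strip()
        kind = address_kind(text)
        if kind is None:
            prev = None  # non-address content resets the comparison
            continue
        if prev and prev[1] == kind and prev[2] != text and ts - prev[0] <= max_gap:
            alerts.append({"time": ts, "kind": kind, "copied": prev[2], "now": text})
        prev = (ts, kind, text)
    return alerts

# Constructed sample data: placeholder addresses, not real wallets.
ETH_A, ETH_B = "0x" + "a" * 40, "0x" + "b" * 40
BTC_A, BTC_B = "1" + "A" * 33, "1" + "B" * 33
SNAPSHOTS = [
    (0.0, "meeting notes"),
    (5.0, ETH_A),    # user copies the intended recipient address
    (5.3, ETH_B),    # replaced 0.3 s later by a different address: flagged
    (60.0, "hello"),
    (70.0, BTC_A),
    (400.0, BTC_B),  # a different address minutes later: normal use
    (401.0, ETH_A),  # different address type: not compared
]

if __name__ == "__main__":
    for alert in find_swaps(SNAPSHOTS):
        print(alert)
```

The same comparison works at paste time: hold the address the user copied and refuse to submit a transaction when the pasted value differs from it.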

Once infected, the MortalKombat ransomware encrypts the user’s files and drops a ransom note with payment instructions, as shown above. Revealing the download links (URLs) associated with the attack campaign, Talos’ report stated:

“One of them reaches an attacker-controlled server via IP address 193[.]169[.]255[.]78, based in Poland, to download the MortalKombat ransomware. According to Talos’ analysis, 193[.]169[.]255[.]78 is running an RDP crawler, scanning the internet for exposed RDP port 3389.”

As explained by Malwarebytes, the “tag-team campaign” starts with a cryptocurrency-themed email containing a malicious attachment. When opened, the attachment runs a BAT file that helps download and execute the ransomware.

Thanks to the early detection of malicious software with high potential, investors can proactively prevent this attack from impacting their financial well-being. As always, Cointelegraph advises investors to perform extensive due diligence before making investments and to verify that communications come from an official source. Check out this Cointelegraph Magazine article to learn how to keep crypto assets safe.

On the flip side, as ransomware victims continue to refuse extortion demands, ransomware revenues for attackers plummeted 40% to $456.8 million in 2022.

While revealing the information, Chainalysis noted that the figures don’t necessarily mean the number of attacks is down from the previous year.
