Anti-malware firm Malwarebytes has highlighted two new malicious computer programs, spread by unknown sources, that actively target cryptocurrency investors in desktop environments.
The two malicious files, the MortalKombat ransomware and the Laplas Clipper malware, have been actively scouring the internet and stealing cryptocurrency from unwary investors since December 2022, threat intelligence research team Cisco Talos revealed. Victims of the campaign were primarily located in the United States, with smaller proportions in the United Kingdom, Turkey, and the Philippines.
The malware works in concert to obtain information stored on the user's clipboard, which is usually a string of letters and numbers copied by the user. The infection then detects the wallet address copied to the clipboard and replaces it with a different one.
The attack relies on users being inattentive to the wallet address they are sending to, which results in cryptocurrency being sent to unidentified attackers. With no apparent target, the attacks span individuals and organizations large and small.
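The check a wallet user or a payment form can make against this kind of clipboard swap, as an added example that is not from Malwarebytes, Talos or the original article: compare what was copied with what arrived in the destination field and flag the case where one valid address has been replaced by another. The function names, verdict strings and sample values are assumptions made for illustration; the Bitcoin sample is the publicly known genesis-block address.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Constructed sample values, not indicators from the campaign.
SAMPLE_BTC = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
SAMPLE_ETH_A = "0x" + "ab" * 20
SAMPLE_ETH_B = "0x" + "cd" * 20

def base58check_ok(addr):
    """True if addr decodes to 25 bytes ending in a valid double-SHA256 checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    try:
        raw = n.to_bytes(25, "big")  # version byte + 20-byte hash + 4-byte checksum
    except OverflowError:
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()
    return digest[:4] == raw[21:]

def address_kind(text):
    """Return a coarse address type for text, or None if it is not an address."""
    text = text.strip()
    if re.fullmatch(r"0x[0-9a-fA-F]{40}", text):
        return "eth"
    if re.fullmatch(r"bc1[02-9ac-hj-np-z]{11,71}", text):
        return "btc-bech32"  # format check only, checksum not verified here
    if re.fullmatch(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}", text) and base58check_ok(text):
        return "btc-base58"
    return None

def check_paste(copied, pasted):
    """Compare the copied string with what was pasted into the destination field."""
    copied, pasted = copied.strip(), pasted.strip()
    if copied == pasted:
        return "ok"
    src, dst = address_kind(copied), address_kind(pasted)
    if src and dst:
        return "swapped"    # a valid address replaced by a different valid address
    if src:
        return "corrupted"  # an address was copied but something else arrived
    return "not-an-address"

if __name__ == "__main__":
    print(check_paste(SAMPLE_ETH_A, SAMPLE_ETH_B))  # swapped
```

A "swapped" verdict is the case to stop on: the pasted value passes every format check, so only the comparison with the original reveals the change.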
Once infected, the MortalKombat ransomware encrypts the user's files and drops a ransom note with payment instructions, as shown above. Talos' report reveals download links (URLs) associated with the campaign: "One of them reached an attacker-controlled server via IP address 193[.]169[.]255[.]78 located in Poland to download the MortalKombat ransomware. According to Talos analysis, 193[.]169[.]255[.]78 is running an RDP crawler, scanning the internet for exposed RDP port 3389."
As Malwarebytes explains, the "tag-team campaign" began with encrypted-themed emails containing malicious attachments. The attachment runs a BAT file that, when opened, helps download and execute the ransomware.
With the early detection of high-potential malware, investors can proactively prevent such attacks from impacting their financial health. As always, Cointelegraph advises investors to conduct extensive due diligence before investing, while also securing official communication sources.
Attackers' ransomware revenue, on the other hand, plummeted 40% to $456.8 million in 2022 as ransomware victims continued to reject ransom demands. Chainalysis noted in its disclosure that these numbers do not necessarily mean that the number of attacks is down from the previous year.