Anti-malware vendor Malwarebytes has highlighted two new forms of malicious software, spread by unknown sources, that actively target crypto investors in a desktop environment.
Since December 2022, the two malicious programs in question, the MortalKombat ransomware and the Laplas Clipper malware, have been actively circulating on the Internet to steal cryptocurrency from unsuspecting investors, threat intelligence research team Cisco Talos has revealed. The victims of this campaign are predominantly in the United States, with a smaller percentage of victims in the United Kingdom, Turkey, and the Philippines, as shown below.
The two pieces of malware work together to get hold of information stored on the user’s clipboard, which is typically a string of letters and numbers copied by the user. The infection then detects wallet addresses copied to the clipboard and replaces them with a different address.
The attack relies on the user not noticing that the pasted wallet address has been swapped, so that the cryptocurrency is sent to the unidentified attacker instead. With no obvious target, the attack encompasses large and small organizations as well as individuals.
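As an added illustration, not code from the Cointelegraph article or from Talos, here is a defender-side heuristic that works on polled clipboard snapshots: it flags a wallet address that is replaced by a different address of the same scheme almost immediately after it appeared, which is the swap behaviour described above. The address patterns, the one-second window and the sample snapshots are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass

# Rough address-shape patterns (assumption: a heuristic, not full checksum validation).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{25,62}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_scheme(text):
    """Return the scheme name if text looks like a wallet address, else None."""
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return name
    return None

@dataclass
class Snapshot:
    ts_ms: int      # time the clipboard was polled, in milliseconds
    content: str    # clipboard text observed at that time

def detect_swaps(snapshots, window_ms=1000):
    """Flag an address replaced by a different same-scheme address within window_ms.

    A person re-copying a second address normally takes longer than that;
    a clipper rewrites the clipboard within milliseconds of the user's copy.
    Returns a list of (ts_ms, original_address, replacement_address).
    """
    alerts = []
    current, first_seen = None, None
    for snap in snapshots:
        if current is None or snap.content != current:
            if current is not None:
                old_scheme, new_scheme = address_scheme(current), address_scheme(snap.content)
                if old_scheme and old_scheme == new_scheme and snap.ts_ms - first_seen <= window_ms:
                    alerts.append((snap.ts_ms, current, snap.content))
            current, first_seen = snap.content, snap.ts_ms
    return alerts

# Constructed sample: an ETH address is rewritten 200 ms after being copied (suspicious);
# the later BTC copies are separate user actions and are not flagged.
SAMPLE = [
    Snapshot(0, "hello world"),
    Snapshot(1000, "0x" + "a" * 40),
    Snapshot(1200, "0x" + "b" * 40),
    Snapshot(9000, "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"),
    Snapshot(15000, "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"),
]

def run_sample():
    return detect_swaps(SAMPLE)
```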
Once a machine is infected, MortalKombat ransomware encrypts user files and drops a ransom note with payment instructions, as shown above. Revealing the download links (URLs) associated with the attack campaign, the Talos report stated:
“One of them reaches a server controlled by an attacker through the IP address 193[.]169[.]255[.]78, based in Poland, to download MortalKombat ransomware. According to Talos’s analysis, 193[.]169[.]255[.]78 is running an RDP sniffer, scanning the Internet for the exposed RDP port 3389.”
As explained by Malwarebytes, the “tag team campaign” begins with a cryptocurrency-themed email containing a malicious attachment. When opened, the attachment runs a BAT file that downloads and executes the ransomware.
By detecting such malware early, investors can proactively prevent this attack from affecting their financial well-being. As always, Cointelegraph advises investors to perform extensive due diligence before making any investments and to verify that communications come from official sources. Check out this Cointelegraph magazine article to learn how to keep crypto assets safe.
Related: US Department of Justice seizes website of prolific ransomware gang Hive
Meanwhile, as ransomware victims continue to reject extortion demands, ransomware revenue for attackers plummeted 40% to $456.8 million in 2022.
Disclosing the information, Chainalysis noted that the figures do not necessarily mean that the number of attacks has decreased from the previous year.