Malwarebytes anti-malware software has exposed two new forms of malicious computer programs spread by unknown sources that are actively targeting crypto investors in a desktop environment.
Since December 2022, the two malicious files in question, MortalKombat ransomware and Laplas Clipper malware, have been actively searching the internet to steal cryptocurrencies from unwary investors, the Cisco Talos threat research team revealed. Victims of this campaign are primarily in the United States, with a smaller percentage of victims in the United Kingdom, Turkey, and the Philippines, as shown below.
The malware works in partnership to scan information stored in the user’s clipboard, which is usually a string of letters and numbers copied by the user. The infection then detects the wallet addresses copied to the clipboard and replaces them with a different address.
The attack relies on the user’s inattention to the sender’s wallet address: a user who does not notice the replacement sends the cryptocurrencies to the unidentified attacker. With no obvious target, the attack extends to individuals and organizations large and small.
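A defensive check for the clipboard swap described above, as an added example that is not from Talos, Malwarebytes or the original article: whenever the copied text looks like a wallet address, it compares the full copied value with the full pasted value. The address patterns, function names and sample values are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Simplified address shapes (an assumption of this example): they check the
# format only, not checksums, and cover three common address families.
ADDRESS_PATTERNS = {
    "bitcoin-legacy": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "bitcoin-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
}

class PasteCheck(NamedTuple):
    verdict: str                  # "ok", "swapped" or "not-an-address"
    copied_kind: Optional[str]    # family of the copied value, if any
    pasted_kind: Optional[str]    # family of the pasted value, if any

def address_kind(text: str) -> Optional[str]:
    """Return the address family the whole string matches, else None."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(text.strip()):
            return kind
    return None

def check_paste(copied: str, pasted: str) -> PasteCheck:
    """Compare the value the user copied with the value that was pasted."""
    copied, pasted = copied.strip(), pasted.strip()
    copied_kind, pasted_kind = address_kind(copied), address_kind(pasted)
    if copied_kind is None:
        verdict = "not-an-address"   # ordinary text, nothing to verify
    elif copied == pasted:
        verdict = "ok"
    else:
        verdict = "swapped"          # every character must match
    return PasteCheck(verdict, copied_kind, pasted_kind)

def flag_swaps(events):
    """Return the indexes of (copied, pasted) pairs judged to be swapped."""
    return [i for i, (c, p) in enumerate(events)
            if check_paste(c, p).verdict == "swapped"]

# Constructed sample values, not real wallets.
SAMPLE_EVENTS = [
    ("0x" + "ab12" * 10, "0x" + "ab12" * 10),   # address pasted unchanged
    ("0x" + "ab12" * 10, "0x" + "9f" * 20),     # replaced, same family
    ("1" + "Bv" * 15, "bc1q" + "x7" * 19),      # replaced, different family
    ("meeting notes", "meeting notes"),         # ordinary text
]

if __name__ == "__main__":
    print(flag_swaps(SAMPLE_EVENTS))
```
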
Once infected, MortalKombat ransomware encrypts user files and drops a ransom note with payment instructions as shown above. Revealing the download links (URLs) associated with the attack campaign, the Talos report declared:
“One of them reaches an attacker-controlled server via IP address 193(.)169(.)255(.)78, based in Poland, to download MortalKombat ransomware. According to Talos analysis, 193(.)169(.)255(.)78 runs an RDP crawler, scanning the internet for exposed RDP port 3389.”
As explained by Malwarebytes, the “tag-team campaign” begins with a cryptocurrency-themed email containing a malicious attachment. The attachment executes a BAT file which allows the ransomware to be downloaded and executed when opened.
Through early detection of high-potential malware, investors can proactively prevent this attack from affecting their financial well-being. As always, Cointelegraph advises investors to carry out thorough due diligence before making investments while verifying that communications come from an official source. Check out this Cointelegraph Magazine article on how to protect crypto assets.
On the other hand, as ransomware victims continue to refuse extortion demands, ransomware revenue for attackers has dropped 40% to $456.8 million in 2022.
While revealing the information, Chainalysis noted that the numbers do not necessarily mean that the number of attacks is down from the previous year.