March 31, 2023



Cisco Talos reveals two new malware strains targeting crypto investors


Crypto investors face new malware threats targeting their desktop environments, according to recent findings by the threat intelligence research team Cisco Talos.

The two new forms of malicious software, MortalKombat ransomware and Laplas Clipper malware, have been actively circulating since December 2022 and have targeted unsuspecting victims primarily in the United States, as well as the United Kingdom, Turkey, and the Philippines.

Victimology of the malicious campaign. Source: Cisco Talos

The malware operates by monitoring the user’s clipboard for wallet addresses and replacing them with a different address, which redirects cryptocurrencies to the attacker’s wallet. This attack heavily relies on the user’s carelessness and inattentiveness towards the sender’s wallet address.
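The check below is an added example, not code from Talos or the original article: it compares the value that arrives in a payment field with the address that was copied and flags a same-format replacement, including one that shares its leading or trailing characters with the original. The function names, the three address patterns and the sample addresses are assumptions constructed for illustration.

```python
import re

# Loose shape patterns; the number is how many leading characters are fixed
# by the format itself and so say nothing about which wallet this is.
FAMILIES = {
    "eth": (re.compile(r"0x[0-9a-fA-F]{40}"), 2),
    "btc-bech32": (re.compile(r"bc1[02-9ac-hj-np-z]{39,59}"), 4),
    "btc-legacy": (re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"), 1),
}

# Constructed sample values, not real wallets.
COPIED = "0x1111" + "a" * 32 + "2222"
LOOKALIKE = "0x1111" + "b" * 32 + "9999"
UNRELATED = "0x9999" + "c" * 32 + "8888"


def family_of(addr):
    """Return (family name, fixed prefix length), or (None, 0) if no match."""
    for name, (pattern, prefix_len) in FAMILIES.items():
        if pattern.fullmatch(addr):
            return name, prefix_len
    return None, 0


def check_paste(copied, pasted, glance=4):
    """Classify the pasted value against the address that was copied."""
    copied, pasted = copied.strip(), pasted.strip()
    family, skip = family_of(copied)
    if family is None:
        return "not-an-address"
    if family == "eth":  # hex digits compare case-insensitively
        copied, pasted = copied.lower(), pasted.lower()
    if copied == pasted:
        return "match"
    if family_of(pasted)[0] != family:
        return "changed"
    # Same format, different value: what a clipboard swap looks like.
    a, b = copied[skip:], pasted[skip:]
    if a[:glance] == b[:glance] or a[-glance:] == b[-glance:]:
        return "substituted-lookalike"  # a glance at the ends would miss it
    return "substituted"


if __name__ == "__main__":
    for label, value in [("same", COPIED), ("lookalike", LOOKALIKE),
                         ("unrelated", UNRELATED)]:
        print(label, "->", check_paste(COPIED, value))
```

Only the full comparison is authoritative; the lookalike label exists to show why checking a few characters at either end is not enough.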

Ransom notes shared by MortalKombat ransomware. Source: Cisco Talos

After infecting a device, the MortalKombat ransomware encrypts the user’s files and presents a ransom note containing payment instructions, as previously mentioned. The report by Talos also disclosed the download links (URLs) associated with the attack campaign.

“One of them reaches an attacker-controlled server via IP address 193[.]169[.]255[.]78, based in Poland, to download the MortalKombat ransomware. According to Talos’ analysis, 193[.]169[.]255[.]78 is running an RDP crawler, scanning the internet for exposed RDP port 3389.”

Malwarebytes has shed light on the “tag-team campaign” that involves a cryptocurrency-themed email with a malicious attachment. Once the attachment is opened, a BAT file is run that downloads and executes the ransomware.

Fortunately, the malicious software has been detected early, enabling investors to take proactive measures to protect their financial security. As a general rule, Cointelegraph recommends that investors conduct thorough due diligence before making any investments and verify the authenticity of communications from official sources.

Chainalysis has reported a 40% drop in ransomware revenue to $456.8 million in 2022 as victims increasingly refuse to pay extortion demands.

Total value extorted by ransomware attackers between 2017 and 2022. Source: Chainalysis

However, it should be noted that this decrease in revenue does not necessarily indicate a reduction in the number of attacks compared to the previous year.
