Cisco Talos reveals two new malware families targeting crypto investors
Crypto investors face new malware threats targeting their desktop environments, according to recent findings by the threat intelligence research team Cisco Talos.
The two new forms of malicious software, MortalKombat ransomware and Laplas Clipper malware, have been actively circulating since December 2022 and have targeted unsuspecting victims primarily in the United States, as well as the United Kingdom, Turkey, and the Philippines.
The clipper malware operates by monitoring the user's clipboard for wallet addresses and replacing them with a different address, which redirects cryptocurrencies to the attacker's wallet. This attack relies heavily on the user not checking the sender's wallet address before confirming the transaction.
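As an added example, not code from the Talos or Cointelegraph write-up, the following detector flags the clipboard-replacement behaviour described above: it remembers what the user last copied and raises an alert when the clipboard later holds a different address of the same kind without a new user copy. The address patterns are rough shape checks (no checksum validation) and the sample events and addresses are constructed.

```python
import re
from dataclasses import dataclass

# Rough address shapes for illustration only (assumption: no checksum validation).
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(bc1[ac-hj-np-z02-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


@dataclass
class ClipboardEvent:
    source: str  # "user_copy" (explicit copy action) or "clipboard_changed" (content changed without one)
    text: str


def address_kind(text: str):
    """Return 'btc', 'eth' or None depending on which address shape the text matches."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return kind
    return None


def detect_clipper_swaps(events):
    """Return (copied, replacement) pairs where an address the user copied was
    silently replaced by a different address of the same kind."""
    swaps = []
    last_user_copy = None
    for ev in events:
        if ev.source == "user_copy":
            last_user_copy = ev.text  # the user's own copy resets the baseline
        elif ev.source == "clipboard_changed" and last_user_copy is not None:
            kind = address_kind(last_user_copy)
            # Same address kind but different value, with no user action in between: clipper signature
            if kind and address_kind(ev.text) == kind and ev.text != last_user_copy:
                swaps.append((last_user_copy, ev.text))
                last_user_copy = None
    return swaps


# Constructed sample data: obviously fake addresses and a short clipboard history.
INTENDED_ETH = "0x" + "11" * 20
ATTACKER_ETH = "0x" + "22" * 20
INTENDED_BTC = "bc1q" + "a" * 38
SAMPLE_EVENTS = [
    ClipboardEvent("user_copy", "meeting notes"),
    ClipboardEvent("clipboard_changed", "meeting notes v2"),  # not an address: ignored
    ClipboardEvent("user_copy", INTENDED_ETH),
    ClipboardEvent("clipboard_changed", ATTACKER_ETH),  # silent swap: flagged
    ClipboardEvent("user_copy", INTENDED_BTC),
    ClipboardEvent("clipboard_changed", INTENDED_BTC),  # unchanged value: ignored
]
```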
[Figure: Ransom notes shared by MortalKombat ransomware. Source: Cisco Talos]
“One of them reaches an attacker-controlled server via IP address 193[.]169[.]255[.]78, based in Poland, to download the MortalKombat ransomware. According to Talos’ analysis, 193[.]169[.]255[.]78 is running an RDP crawler, scanning the internet for exposed RDP port 3389.”
Malwarebytes has shed light on the “tag-team campaign” that involves a cryptocurrency-themed email with a malicious attachment. Once the attachment is opened, a BAT file is run that downloads and executes the ransomware.
Fortunately, the malicious software has been detected early, enabling investors to take proactive measures to protect their financial security. As a general rule, Cointelegraph recommends that investors conduct thorough due diligence before making any investments and verify the authenticity of communications from official sources.
Chainalysis has reported a 40% drop in ransomware revenue to $456.8 million in 2022 as victims increasingly refuse to pay extortion demands.
However, it should be noted that this decrease in revenue does not necessarily indicate a reduction in the number of attacks compared to the previous year.