Crypto investors under attack by new malware, reveals Cisco Talos

Malwarebytes anti-malware software flagged two new malicious programs, distributed by an unknown actor, that actively target crypto investors on desktop computers.

Since December 2022, the two malicious files in question, the MortalKombat ransomware and the Laplas Clipper malware, have been actively circulating on the internet and stealing cryptocurrency from unwary investors, according to the threat intelligence research team Cisco Talos. The victims of the campaign were mostly in the United States, with smaller percentages of victims in the United Kingdom, Turkey and the Philippines, as shown below.

Victimology of malicious campaigns. Source: Cisco Talos

The two pieces of malware work together to hijack the contents of the user’s clipboard, which is typically a string of letters and numbers the user has copied. Once installed, the infection detects a wallet address copied to the clipboard and replaces it with a different one.

The attack relies on users not checking the pasted wallet address before sending, so the cryptocurrency goes to an unknown attacker. Because the campaign has no specific target, its victims include individuals and organizations both small and large.
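The clipboard swap described above is only effective if the pasted address is never compared with the one the user actually copied. The following Python example, added here and not part of the Cointelegraph article or the Talos report, shows that defensive check: it fingerprints what the user copied, re-checks the clipboard at paste time, and contrasts a full comparison with the common habit of glancing at only the first and last few characters. The two address strings, the `ClipboardGuard` class and the regex patterns are all constructed for this example; the clipboard is simulated rather than read from the operating system.

```python
import hashlib
import re

# Address formats a clipper typically targets (constructed for this example, not exhaustive):
# legacy/P2SH Bitcoin (Base58), bech32 Bitcoin, and hex-encoded Ethereum.
ADDRESS_PATTERNS = {
    "btc_base58": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def looks_like_wallet_address(text: str):
    """Return the matching address family, or None if the text is not a wallet address."""
    text = text.strip()
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return name
    return None


class ClipboardGuard:
    """Hypothetical guard: records a fingerprint of what the user deliberately copied and
    checks it again at paste time. Anything that rewrote the clipboard in between shows up
    as a mismatch, regardless of how similar the replacement looks."""

    def __init__(self):
        self._expected_digest = None

    def on_copy(self, text: str) -> None:
        self._expected_digest = hashlib.sha256(text.strip().encode()).hexdigest()

    def check_before_paste(self, clipboard_now: str) -> dict:
        family = looks_like_wallet_address(clipboard_now)
        if family is None:
            # Not an address: nothing for a clipper to gain, so no tamper verdict.
            return {"is_address": False, "tampered": False, "family": None}
        digest = hashlib.sha256(clipboard_now.strip().encode()).hexdigest()
        tampered = self._expected_digest is not None and digest != self._expected_digest
        return {"is_address": True, "tampered": tampered, "family": family}


def weak_prefix_suffix_check(copied: str, pasted: str, n: int = 4) -> bool:
    """The 'glance at the first and last few characters' habit. True means it LOOKS unchanged."""
    return copied[:n] == pasted[:n] and copied[-n:] == pasted[-n:]


# Constructed scenario: the user copies a legitimate-looking address and a swap replaces it
# with a lookalike sharing the first and last four characters. Both strings are made up.
USER_COPIED = "1BvB7qTk2mNz5RwJ4hXcP9sLd3Ge6tYVN2"
SWAPPED_IN = "1BvBxY7kGhT3pQwLmN9vRcDsE2HjK4YVN2"


def demo():
    """Run the scenario; returns (guard verdict, whether the glance check was fooled)."""
    guard = ClipboardGuard()
    guard.on_copy(USER_COPIED)
    # Simulated swap: the clipboard now holds the lookalike when the user goes to paste.
    verdict = guard.check_before_paste(SWAPPED_IN)
    glance_fooled = weak_prefix_suffix_check(USER_COPIED, SWAPPED_IN)
    return verdict, glance_fooled


if __name__ == "__main__":
    print(demo())
```

The design point is that the fingerprint comparison is independent of how convincing the substitute address is: a lookalike that matches the visible prefix and suffix passes the glance check but still fails the digest check, which is why wallet software and users should compare the entire address, not its ends.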

The ransom note shared by MortalKombat ransomware. Source: Cisco Talos

Once infected, MortalKombat ransomware encrypts user files and leaves a ransom note with payment instructions, as shown above. Revealing the download link (URL) associated with the attack campaign, the Talos report states:

“One of them reached the server controlled by the attacker via IP address 193[.]169[.]255[.]78, based in Poland, to download the MortalKombat ransomware. According to Talos analysis, 193[.]169[.]255[.]78 runs an RDP crawler, scanning the internet for exposed RDP ports 3389.”

As described by Malwarebytes, the “tag team campaign” began with cryptocurrency-themed emails carrying malicious attachments. When opened, the attachment runs a BAT file that downloads and executes the ransomware.
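The Talos excerpt above gives defenders two concrete things to look for: traffic involving the defanged indicator 193[.]169[.]255[.]78, and hosts that accept inbound RDP (port 3389) from the internet. The Python example below is added here and is not Talos or Malwarebytes code; it refangs the indicator as printed in the report and runs both checks over a handful of constructed firewall log lines in a made-up key=value format (the log lines and the 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 addresses are documentation ranges, not real hosts).

```python
import ipaddress
import re
from dataclasses import dataclass

# Indicator exactly as printed in the Talos excerpt (defanged); refanged for matching below.
TALOS_RDP_SCANNER_DEFANGED = "193[.]169[.]255[.]78"
RDP_PORT = 3389


def refang(indicator: str) -> str:
    """Turn the report's defanged notation ('[.]') back into a plain dotted-quad string."""
    return indicator.replace("[.]", ".")


@dataclass
class FirewallEvent:
    src: str
    dst: str
    dport: int
    action: str


# Constructed firewall log lines (not Talos or Malwarebytes data).
SAMPLE_LOG = """\
ts=2023-02-10T08:14:02Z src=203.0.113.9 dst=192.0.2.10 dport=443 action=allow
ts=2023-02-10T08:14:07Z src=193.169.255.78 dst=192.0.2.10 dport=3389 action=allow
ts=2023-02-10T08:14:09Z src=193.169.255.78 dst=192.0.2.11 dport=3389 action=deny
ts=2023-02-10T08:15:30Z src=198.51.100.4 dst=192.0.2.10 dport=3389 action=deny
ts=2023-02-10T08:16:00Z src=198.51.100.4 dst=192.0.2.10 dport=22 action=allow
"""

LINE_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)"
)


def parse_log(text: str) -> list:
    """Parse the constructed key=value format into FirewallEvent records, skipping junk lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append(FirewallEvent(m["src"], m["dst"], int(m["dport"]), m["action"]))
    return events


def find_rdp_exposure(events: list, ioc_ips: list) -> dict:
    """Report (a) every event whose source is one of the IoC addresses and (b) internal hosts
    that accepted RDP from a globally routable source, i.e. the exposure an RDP crawler finds."""
    ioc = {ipaddress.ip_address(refang(i)) for i in ioc_ips}
    ioc_hits = [e for e in events if ipaddress.ip_address(e.src) in ioc]
    exposed_rdp_hosts = sorted(
        {
            e.dst
            for e in events
            if e.dport == RDP_PORT
            and e.action == "allow"
            and ipaddress.ip_address(e.src).is_global
        }
    )
    return {"ioc_hits": ioc_hits, "exposed_rdp_hosts": exposed_rdp_hosts}


if __name__ == "__main__":
    report = find_rdp_exposure(parse_log(SAMPLE_LOG), [TALOS_RDP_SCANNER_DEFANGED])
    for hit in report["ioc_hits"]:
        print("IoC match:", hit)
    print("Hosts accepting RDP from the internet:", report["exposed_rdp_hosts"])
```

Matching the indicator is the quick win, but the second check is the one that matters after the scanner's address changes: any host that answers port 3389 from a global source is what the crawler in the report was looking for, whether or not this particular IP ever reached it.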

Thanks to the early detection of this malware, investors can proactively prevent the attack from affecting their financial well-being. As always, Cointelegraph advises investors to do their due diligence before investing and to verify that they are dealing with an official source of communication. Check out this Cointelegraph Magazine article to learn how to keep your crypto assets safe.

Related: The US Department of Justice seized the website of the prolific Hive ransomware gang

On the flip side, as ransomware victims continue to reject extortion demands, ransomware revenue for attackers dropped 40% to $456.8 million in 2022.

Total value looted by ransomware attackers between 2017 and 2022. Source: Chainalysis

While disclosing the information, Chainalysis notes that these figures do not mean that the number of attacks decreased from the previous year.