Cisco Talos Highlights Two New Malware, Targeting Crypto Investors

  • Cisco Talos has identified two pieces of malware being used together in a campaign against cryptocurrency investors: the MortalKombat ransomware and the Laplas Clipper.

  • The ransomware encrypts victims' files and demands payment; the clipper silently replaces wallet addresses copied to the clipboard with an attacker-controlled address so that payments are diverted.

  • The campaign begins with a cryptocurrency-themed phishing email carrying a malicious attachment.


Crypto investors are under siege from two new malicious pieces of software, according to a recent report from Cisco Talos.

Since December 2022, the two malicious files, the MortalKombat ransomware and the Laplas Clipper malware, have been used by an as yet unidentified actor against cryptocurrency investors on desktop systems. The campaign has succeeded in stealing digital assets from victims who were not adequately prepared to protect themselves.

Talos's telemetry puts the majority of victims in the United States, followed by smaller numbers in the United Kingdom, Turkey, and the Philippines.

Victimology of the malicious campaign. Source: Cisco Talos

The two pieces of malware play different roles. Laplas Clipper watches the clipboard, which typically holds a string of letters and digits the user has just copied. When it recognises a cryptocurrency wallet address, it silently replaces that address with one controlled by the attacker, so the funds go to the attacker when the victim pastes the address into a transaction.

The attack relies on the victim not re-checking the destination address after pasting it. It is indiscriminate, hitting individuals and organisations of any size.
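The clipboard swap described above, and the user-side check that defeats it, as an added illustration written for this article rather than code from Laplas Clipper or from the Talos report. The address formats, the attacker-controlled addresses and the clipboard contents are all constructed sample data (the patterns are deliberately simplified); the example goes slightly beyond the text by showing why comparing only the first and last few characters of an address is not a sufficient check.

```python
import re

# Simplified detectors for three common address formats (assumption: a real
# clipper recognises many more chains). bech32 proper excludes 1, b, i and o;
# this pattern is looser and only illustrates the idea.
ADDRESS_PATTERNS = {
    "btc_base58": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[a-z0-9]{25,62}$"),
    "evm": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

# Constructed attacker-controlled addresses, one per recognised format.
# These are sample values, not indicators from the report.
ATTACKER_ADDRESSES = {
    "btc_base58": "1CounterpartyXXXXXXXXXXXXXXXUWLpVr",
    "btc_bech32": "bc1q" + "attackerexample" + "x" * 20,
    "evm": "0x" + "dead" * 10,
}


def classify_address(text):
    """Return the format name if `text` is a lone wallet address, else None."""
    candidate = text.strip()
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return name
    return None


def clipper_hijack(clipboard_text):
    """Model the clipper's rewrite: a recognised address is replaced by the
    attacker's address of the same format; anything else is left untouched,
    which is what keeps the swap unnoticed."""
    fmt = classify_address(clipboard_text)
    if fmt is None:
        return clipboard_text
    return ATTACKER_ADDRESSES[fmt]


def simulate_clipboard(events):
    """Run a sequence of constructed clipboard writes through the clipper.
    Returns (original, what_the_user_pastes, was_swapped) per event."""
    results = []
    for text in events:
        pasted = clipper_hijack(text)
        results.append((text, pasted, pasted != text))
    return results


def looks_similar(expected, pasted, n=4):
    """The weak check many people do by eye: compare only the first and last
    n characters. A lookalike address passes this."""
    return expected[:n] == pasted[:n] and expected[-n:] == pasted[-n:]


def verify_destination(expected, pasted):
    """The check that actually defeats a clipper: the full pasted address must
    equal the address obtained out of band (recipient's wallet app, hardware
    wallet screen), character for character."""
    return expected.strip() == pasted.strip()


# Constructed sample data: the address the victim meant to pay, a lookalike
# that shares its first and last four characters, and a few clipboard writes.
INTENDED_BTC = "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"
LOOKALIKE_BTC = "1BvB" + "X" * 26 + "NVN2"
INTENDED_EVM = "0x" + "beef" * 10
CLIPBOARD_EVENTS = [
    "Invoice #4471 due Friday",                      # ordinary text: untouched
    INTENDED_BTC,                                    # swapped
    "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq",    # swapped
    INTENDED_EVM,                                    # swapped
]

if __name__ == "__main__":
    for original, pasted, swapped in simulate_clipboard(CLIPBOARD_EVENTS):
        print(f"{'SWAPPED  ' if swapped else 'untouched'}: {original} -> {pasted}")
    print("eyeball check passes on lookalike:",
          looks_similar(INTENDED_BTC, LOOKALIKE_BTC))
    print("full comparison catches it:",
          verify_destination(INTENDED_BTC, LOOKALIKE_BTC))
```

The point of `verify_destination` is that the comparison must be against an address obtained through a channel the infected machine cannot tamper with; comparing the pasted value against the same clipboard it came from proves nothing.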

Ransom notes shared by MortalKombat ransomware. Source: Cisco Talos

Once a system is infected, the MortalKombat ransomware encrypts the user's files and drops a ransom note with payment instructions, as depicted above. Talos's report also lists the download URLs associated with the campaign, noting that one of them:

“reaches an attacker-controlled server located in Poland via IP address 193[.]169[.]255[.]78. This server is running an RDP crawler, which scans the internet for exposed RDP port 3389.”

According to Talos, the two pieces of malware are delivered in a "tag-team campaign" that begins with a cryptocurrency-themed phishing email carrying a malicious attachment. When the attachment is opened, it runs a BAT loader that downloads and executes the ransomware.

Investors can protect themselves by verifying the source of any communication before opening attachments, performing due diligence before investing, and checking the full destination address of every transaction against an out-of-band copy before confirming it.

There is better news on the broader ransomware front: attackers' revenue fell by around 40% to $456.8 million in 2022, as more victims refused to pay extortion demands.

Total value extorted by ransomware attackers between 2017 and 2022.

The same reports caution that lower revenue does not necessarily mean fewer attacks than in the previous year; further analysis is needed to establish whether the number of attacks actually declined.
