The “tag-team campaign” starts with a cryptocurrency-themed email containing a malicious attachment
Anti-malware software provider Malwarebytes highlighted that crypto investors in desktop environments are being actively targeted by two new malicious computer programs propagated by unknown sources.
Since December 2022, the two malicious files in question, MortalKombat ransomware and Laplas Clipper malware, have been actively scouring the internet to steal cryptocurrencies from unwary investors, the threat intelligence research team Cisco Talos revealed. The victims of this campaign are predominantly located in the United States, with a smaller percentage in the United Kingdom, Turkey, and the Philippines.
The two programs work in partnership to swipe information stored in the user’s clipboard, which is usually a string of letters and numbers copied by the user. The infection then detects wallet addresses copied onto the clipboard and replaces them with a different address.
The attack relies on the user’s inattentiveness to the sender’s wallet address, as a result of which the cryptocurrencies are sent to the unidentified attacker. With no obvious target, the attack spans individuals as well as small and large organizations.
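The clipboard swap described above can be spotted from the defender's side. The following Python code is an added example, not code from Talos, Malwarebytes or Cointelegraph; the address patterns, the two-second threshold and every sample value are assumptions constructed for illustration.

```python
import re

# Address shapes only (no checksum validation); chosen for this example.
PATTERNS = {
    "btc-legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{39,59}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def wallet_type(text):
    """Return the address family the text looks like, or None."""
    candidate = text.strip()
    for name, pattern in PATTERNS.items():
        if pattern.match(candidate):
            return name
    return None

def find_swaps(snapshots, max_gap=2.0):
    """snapshots: (timestamp_seconds, clipboard_text) pairs in time order.

    Flags a wallet address replaced by a different address of the same
    family within max_gap seconds. The threshold is an assumption: a person
    rarely copies a second address that quickly, an automated swap does.
    """
    alerts = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        kind = wallet_type(before)
        if (kind and kind == wallet_type(after)
                and before.strip() != after.strip()
                and t1 - t0 <= max_gap):
            alerts.append({"time": t1, "copied": before.strip(),
                           "replaced_with": after.strip(), "kind": kind})
    return alerts

def safe_to_send(copied, pasted):
    """Pre-transfer check: the pasted address must equal the copied one."""
    return wallet_type(pasted) is not None and copied.strip() == pasted.strip()

# Constructed clipboard timeline; none of these are real wallet addresses.
SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, "0x" + "ab" * 20),   # user copies the recipient address
    (10.3, "0x" + "cd" * 20),   # contents replaced 0.3 s later
    (60.0, "1" + "A" * 30),     # later, unrelated copy of another family
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print("possible clipboard swap:", alert)
```

The same comparison in `safe_to_send` is what a user does by eye when re-reading the pasted address against its source before confirming a transfer.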
Once it has infected a system, the MortalKombat ransomware encrypts the user’s files and drops a ransom note with payment instructions. Revealing the download links (URLs) associated with the attack campaign, Talos’ report stated:
“One of them reaches an attacker-controlled server via IP address 193[.]169[.]255[.]78, based in Poland, to download the MortalKombat ransomware. According to Talos’ analysis, 193[.]169[.]255[.]78 is running an RDP crawler, scanning the internet for exposed RDP port 3389.”
As explained by Malwarebytes, the “tag-team campaign” starts with a cryptocurrency-themed email containing a malicious attachment. When opened, the attachment runs a BAT file that helps download and execute the ransomware.
Thanks to the early detection of malicious software with high potential, investors can proactively prevent this attack from impacting their financial well-being. As always, Cointelegraph advises investors to perform extensive due diligence before making investments and to verify that communications come from an official source.
On the flip side, as ransomware victims continue to refuse extortion demands, ransomware revenues for attackers plummeted 40% to $456.8 million in 2022.